WS-2017-0107 Medium Severity Vulnerability detected by WhiteSource #16

mend-bolt-for-github · 2019-01-23T14:59:25Z

WS-2017-0107 - Medium Severity Vulnerability

Vulnerable Library - ws-1.1.1.tgz

simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455

path: null

Library home page: https://registry.npmjs.org/ws/-/ws-1.1.1.tgz

Dependency Hierarchy:

browser-sync-2.21.0.tgz (Root Library)
- socket.io-client-1.6.0.tgz
  - engine.io-client-1.8.0.tgz
    - ❌ ws-1.1.1.tgz (Vulnerable Library)

Vulnerability Details

Depending on the JavaScript engine, Math.random can be anywhere between extremely insecure and cryptographically pseudo-random.
Versions which use Math.random can produce predictable values, thus shall not be used.

Publish Date: 2016-09-20

URL: WS-2017-0107

CVSS 2 Score Details (5.9)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: websockets/ws@7253f06

Release Date: 2016-11-25

Fix Resolution: Replace or update the following file: Sender.js

Step up your Open Source Security Game with WhiteSource here

The text was updated successfully, but these errors were encountered:

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Jan 23, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2017-0107 Medium Severity Vulnerability detected by WhiteSource #16

WS-2017-0107 Medium Severity Vulnerability detected by WhiteSource #16

mend-bolt-for-github bot commented Jan 23, 2019

WS-2017-0107 Medium Severity Vulnerability detected by WhiteSource #16

WS-2017-0107 Medium Severity Vulnerability detected by WhiteSource #16

Comments

mend-bolt-for-github bot commented Jan 23, 2019

WS-2017-0107 - Medium Severity Vulnerability