This repository has been archived by the owner on Jul 13, 2021. It is now read-only.
WS-2014-0009 Medium Severity Vulnerability detected by WhiteSource #57
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
WS-2014-0009 - Medium Severity Vulnerability
Data validation, filtering and sanitization for node.js
path: /curratelo/node_modules/validator/package.json
Library home page: http://registry.npmjs.org/validator/-/validator-1.5.1.tgz
Dependency Hierarchy:
XSS Filter Bypass via Encoded URL - The validator module for Node.js contains functionality meant to filter potential XSS attacks (a filter called xss). A method of bypassing the filter via an encoded URL has been publicly disclosed.
Publish Date: 2014-10-27
URL: WS-2014-0009
Base Score Metrics not available
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/validator_XSS_Filter_Bypass_via_Encoded_URL
Release Date: 2014-10-27
Fix Resolution: Upgrade to the latest version of this library. However, it should be noted that the fix for this vulnerability was to remove the xss filter functionality. Seek another library to provide proper output encoding.
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: