IssueHunt
Bug Bounty (New!)
Browse
Sign in with GitHub
scriptex/github-pages-vuepress

CVE-2021-23424 (High) detected in ansi-html-0.0.7.tgz #108

whitesource-bolt-for-github[bot] posted onGitHub

CVE-2021-23424 - High Severity Vulnerability

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/vulnerability_details.png&#39; width=19 height=20> Vulnerable Library - <b>ansi-html-0.0.7.tgz</b></p></summary>

<p>An elegant lib that converts the chalked (ANSI) text to HTML.</p> <p>Library home page: <a href="https://registry.npmjs.org/ansi-html/-/ansi-html-0.0.7.tgz">https://registry.npmjs.org/ansi-html/-/ansi-html-0.0.7.tgz</a></p> <p>Path to dependency file: github-pages-vuepress/package.json</p> <p>Path to vulnerable library: github-pages-vuepress/node_modules/ansi-html/package.json</p> <p>

Dependency Hierarchy:

This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.

<p>Publish Date: 2021-08-18 <p>URL: <a href=https://vuln.whitesourcesoftware.com/vulnerability/CVE-2021-23424>CVE-2021-23424</a></p> </p> </details> <p></p> <details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/cvss3.png&#39; width=19 height=20> CVSS 3 Score Details (<b>7.5</b>)</summary> <p>

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:

Step up your Open Source Security Game with WhiteSource here

Fund this Issue

$0.00
Funded

Pull requests

Company
AboutMission
Community
SpectrumEmbed
Support
FAQTerms of usePrivacy policyCode of conductCredits
Connect
FacebookTwitter

© 2019 BoostIO, Inc.