Skip to content
This repository has been archived by the owner on Sep 22, 2024. It is now read-only.

WS-2019-0211 (Medium) detected in quill-1.3.6.tgz #53

Open
mend-bolt-for-github bot opened this issue Sep 26, 2019 · 0 comments
Open

WS-2019-0211 (Medium) detected in quill-1.3.6.tgz #53

mend-bolt-for-github bot opened this issue Sep 26, 2019 · 0 comments
Labels
security vulnerability Security vulnerability detected by WhiteSource

Comments

@mend-bolt-for-github
Copy link
Contributor

WS-2019-0211 - Medium Severity Vulnerability

Vulnerable Library - quill-1.3.6.tgz

Your powerful, rich text editor

Library home page: https://registry.npmjs.org/quill/-/quill-1.3.6.tgz

Path to dependency file: /tmp/ws-scm/RenFei.Net/web/src/main/console/package.json

Path to vulnerable library: /tmp/ws-scm/RenFei.Net/web/src/main/console/node_modules/quill/package.json

Dependency Hierarchy:

  • vue-quill-editor-3.0.6.tgz (Root Library)
    • quill-1.3.6.tgz (Vulnerable Library)

Found in HEAD commit: 2cd5eadf7e5cb227ca1fdfd49e95fe803da92218

Vulnerability Details

quill all versions are vulnerable to Reverse Tabnapping, allowing attackers to access window.opener for the original page when opening links.

Publish Date: 2019-09-05

URL: WS-2019-0211

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here
@mend-bolt-for-github mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Sep 26, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
security vulnerability Security vulnerability detected by WhiteSource
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
0 participants