WS-2017-0107 Medium Severity Vulnerability detected by WhiteSource #5
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WS-2017-0107 - Medium Severity Vulnerability
simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455
path: /OSWaldito/node_modules/engine.io/node_modules/ws/package.json
Library home page: https://registry.npmjs.org/ws/-/ws-1.1.1.tgz
Dependency Hierarchy:
Depending on the JavaScript engine, Math.random can be anywhere between extremely insecure and cryptographically pseudo-random.
Versions which use Math.random can produce predictable values, thus shall not be used.
Publish Date: 2016-09-20
URL: WS-2017-0107
Base Score Metrics not available
Type: Change files
Origin: websockets/ws@7253f06
Release Date: 2016-11-25
Fix Resolution: Replace or update the following file: Sender.js
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: