GHSA-8948-ffc6-jg52

Опубликовано: 06 июн. 2019

Источник: github

Github: Прошло ревью

CVSS3: 4.2

Описание

Insecure Default Configuration in redbird

Versions of redbird prior to 0.9.1 have a vulnerable default configuration of allowing TLS 1.0 connections on lib/proxy.js. The package does not provide an option to disable TLS 1.0 which is deprecated and vulnerable.

Recommendation

Upgrade to version 0.9.1 or later.

Ссылки

https://github.com/OptimalBits/redbird/pull/207
https://github.com/OptimalBits/redbird/commit/39c7a2da84a2ddddfe046ea80e98800518920516
https://snyk.io/vuln/SNYK-JS-REDBIRD-174455
https://www.npmjs.com/advisories/828

Пакеты

Наименование

redbird

npm

Затронутые версииВерсия исправления

<= 0.9.0

Отсутствует

4.2 Medium

CVSS3

Дефекты

CWE-20

4.2 Medium

CVSS3

Дефекты

CWE-20