Mend Bolt – Security Issue

  • Our project is experiencing a security vulnerability due to this plugin. Could you please release a new version that addresses this issue?

    Vulnerable Library - ws-7.5.9.tgz
    Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js

    Library home page: https://registry.npmjs.org/ws/-/ws-7.5.9.tgz

    Path to dependency file: /wp-content/plugins/jwt-authentication-for-wp-rest-api/admin/ui/package.json

    Path to vulnerable library: /wp-content/plugins/jwt-authentication-for-wp-rest-api/admin/ui/package.json


    Dependency Hierarchy:

    core-data-6.18.0.tgz (Root Library)
    sync-0.3.0.tgz
    y-webrtc-10.2.5.tgz
    ? ws-7.5.9.tgz (Vulnerable Library)
    Vulnerable Library - path-to-regexp-6.2.1.tgz
    Express style path to RegExp utility

    Library home page: https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.1.tgz

    Path to dependency file: /wp-content/plugins/jwt-authentication-for-wp-rest-api/admin/ui/package.json

    Path to vulnerable library: /wp-content/plugins/jwt-authentication-for-wp-rest-api/admin/ui/package.json


    Dependency Hierarchy:

    components-25.7.0.tgz (Root Library)
    ? path-to-regexp-6.2.1.tgz (Vulnerable Library)
Viewing 1 replies (of 1 total)
  • Thread Starter Lachezar Gadzhev

    (@lgadzhev)

    As a patch I can suggest updating this

    jwt-authentication-for-wp-rest-api/admin/ui/package.json#L23

    "@wordpress/core-data": "^6.18.0",

    to this

    "@wordpress/core-data": "^6.19.0",
Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.