WS-2018-0075 Medium Severity Vulnerability detected by WhiteSource
Opened this issue · 0 comments
mend-bolt-for-github commented
WS-2018-0075 - Medium Severity Vulnerability
Vulnerable Library - concat-stream-1.5.0.tgz
writable stream that concatenates strings or binary data and calls a callback with the result
path: /tmp/git/RA9.github.io/bower_components/jqcloud2/node_modules/extract-zip/node_modules/concat-stream/package.json
Library home page: http://registry.npmjs.org/concat-stream/-/concat-stream-1.5.0.tgz
Dependency Hierarchy:
- grunt-contrib-qunit-0.5.2.tgz (Root Library)
- grunt-lib-phantomjs-0.6.0.tgz
- phantomjs-1.9.20.tgz
- extract-zip-1.5.0.tgz
- ❌ concat-stream-1.5.0.tgz (Vulnerable Library)
- extract-zip-1.5.0.tgz
- phantomjs-1.9.20.tgz
- grunt-lib-phantomjs-0.6.0.tgz
Vulnerability Details
Versions of concat-stream before 1.5.2 are vulnerable to memory exposure if userp provided input is passed into write()
Versions <1.3.0 are not affected due to not using unguarded Buffer constructor.
Publish Date: 2018-04-25
URL: WS-2018-0075
CVSS 2 Score Details (5.0)
Base Score Metrics not available
Step up your Open Source Security Game with WhiteSource here