WS-2016-0025 Medium Severity Vulnerability detected by WhiteSource
mend-bolt-for-github opened this issue · 0 comments
mend-bolt-for-github commented
WS-2016-0025 - Medium Severity Vulnerability
Vulnerable Library - request-2.67.0.tgz
Simplified HTTP request client.
path: /tmp/git/RA9.github.io/bower_components/jqcloud2/node_modules/request/package.json
Library home page: http://registry.npmjs.org/request/-/request-2.67.0.tgz
Dependency Hierarchy:
- grunt-contrib-qunit-0.5.2.tgz (Root Library)
- grunt-lib-phantomjs-0.6.0.tgz
- phantomjs-1.9.20.tgz
- ❌ request-2.67.0.tgz (Vulnerable Library)
- phantomjs-1.9.20.tgz
- grunt-lib-phantomjs-0.6.0.tgz
Vulnerability Details
There is a potential remote memory exposure vulnerability in request from version 2.2.5 before version 2.68.0. If the node process makes a request with a multipart attachment, and the type of the body option is a Number, then that many bytes of uninitialized memory will be sent in the body of the request.
Publish Date: 2016-03-22
URL: WS-2016-0025
CVSS 2 Score Details (6.1)
Base Score Metrics not available
Step up your Open Source Security Game with WhiteSource here