JSHint icon indicating copy to clipboard operation
JSHint copied to clipboard
verified publisher icon LightTable

WS-2018-0075 Medium Severity Vulnerability detected by WhiteSource

Open mend-bolt-for-github[bot] opened this issue 6 years ago • 0 comments

WS-2018-0075 - Medium Severity Vulnerability

Vulnerable Library - concat-stream-1.4.11.tgz

writable stream that concatenates strings or binary data and calls a callback with the result

path: /tmp/git/JSHint/node_modules/jshint/node_modules/concat-stream/package.json

Library home page: https://registry.npmjs.org/concat-stream/-/concat-stream-1.4.11.tgz

Dependency Hierarchy:

  • browserify-9.0.8.tgz (Root Library)
    • :x: concat-stream-1.4.11.tgz (Vulnerable Library)

Vulnerability Details

Versions of concat-stream before 1.5.2 are vulnerable to memory exposure if userp provided input is passed into write()

Versions <1.3.0 are not affected due to not using unguarded Buffer constructor.

Publish Date: 2018-04-25

URL: WS-2018-0075

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github[bot] avatar Feb 11 '19 14:02 mend-bolt-for-github[bot]