WS-2016-0025 Medium Severity Vulnerability detected by WhiteSource #9

mend-bolt-for-github · 2018-12-25T10:05:29Z

WS-2016-0025 - Medium Severity Vulnerability

Vulnerable Library - request-2.16.6.tgz

Simplified HTTP request client.

path: /tmp/git/sqs-poller/node_modules/request/package.json

Library home page: http://registry.npmjs.org/request/-/request-2.16.6.tgz

Dependency Hierarchy:

winston-0.7.3.tgz (Root Library)
- ❌ request-2.16.6.tgz (Vulnerable Library)

Vulnerability Details

There is a potential remote memory exposure vulnerability in request from version 2.2.5 before version 2.68.0. If the node process makes a request with a multipart attachment, and the type of the body option is a Number, then that many bytes of uninitialized memory will be sent in the body of the request.

Publish Date: 2016-03-22

URL: WS-2016-0025

CVSS 2 Score Details (6.1)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Dec 25, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2016-0025 Medium Severity Vulnerability detected by WhiteSource #9

WS-2016-0025 Medium Severity Vulnerability detected by WhiteSource #9

mend-bolt-for-github bot commented Dec 25, 2018

WS-2016-0025 Medium Severity Vulnerability detected by WhiteSource #9

WS-2016-0025 Medium Severity Vulnerability detected by WhiteSource #9

Comments

mend-bolt-for-github bot commented Dec 25, 2018

WS-2016-0025 - Medium Severity Vulnerability