Описание
Denial of Service in mem
Versions of mem prior to 4.0.0 are vulnerable to Denial of Service (DoS). The package fails to remove old values from the cache even after a value passes its maxAge property. This may allow attackers to exhaust the system's memory if they are able to abuse the application logging.
Recommendation
Upgrade to version 4.0.0 or later.
Пакеты
Наименование
mem
npm
Затронутые версииВерсия исправления
< 4.0.0
4.0.0
5.1 Medium
CVSS3
Дефекты
CWE-400
5.1 Medium
CVSS3
Дефекты
CWE-400