Описание
Out-of-bounds Read in npmconf
Versions of npmconf before 2.1.3 allocate and write to disk uninitialized memory contents when a typed number is passed as input on Node.js 4.x.
Recommendation
Update to version 2.1.3 or later. Consider switching to another config storage mechanism, as npmconf is deprecated and should not be used.
Пакеты
Наименование
npmconf
npm
Затронутые версииВерсия исправления
< 2.1.3
2.1.3
Дефекты
CWE-125
Дефекты
CWE-125