Description
Remote Memory Exposure in mongoose
Versions of mongoose before 3.8.39 (3.x branch) and before 4.3.6 (4.x branch) are vulnerable to remote memory exposure.
Trying to save a number to a field of type Buffer on the affected mongoose versions allocates a chunk of uninitialized memory and stores it in the database.
Recommendation
Update to version 3.8.39 (3.x branch), 4.3.6 (4.x branch), or later.
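An added example (not mongoose's code or its fix): a guard for application code that rejects numeric input destined for a Buffer field before it reaches the model layer, so a number can never be treated as an allocation size. `toSafeBuffer`, `checkBodies`, the `avatar` field and the sample request bodies are hypothetical.

```javascript
// Added example: toSafeBuffer is a hypothetical helper, not mongoose code.
// It converts untrusted input to a Buffer and never lets a number
// (or anything else unexpected) choose an allocation size.
function toSafeBuffer(value, maxBytes = 1024 * 1024) {
  let buf;
  if (Buffer.isBuffer(value)) {
    buf = Buffer.from(value); // copy, so the caller's buffer is not aliased
  } else if (typeof value === 'string') {
    buf = Buffer.from(value, 'utf8');
  } else if (Array.isArray(value)) {
    const allBytes = value.every((b) => Number.isInteger(b) && b >= 0 && b <= 255);
    if (!allBytes) throw new TypeError('array contains non-byte values');
    buf = Buffer.from(value);
  } else {
    // Numbers land here: 4096 must not become "4096 bytes of memory".
    throw new TypeError(`refusing to cast ${typeof value} to Buffer`);
  }
  if (buf.length > maxBytes) throw new RangeError('value exceeds size limit');
  return buf;
}

// Constructed sample input: JSON request bodies for a hypothetical
// model whose "avatar" field is of type Buffer.
const sampleBodies = [
  '{"avatar": "hello"}',
  '{"avatar": 4096}',
  '{"avatar": [104, 105]}',
  '{"avatar": [1, 300]}',
];

// Validate each body before it would be handed to the model layer.
function checkBodies(bodies) {
  return bodies.map((raw) => {
    const { avatar } = JSON.parse(raw);
    try {
      return { ok: true, hex: toSafeBuffer(avatar).toString('hex') };
    } catch (err) {
      return { ok: false, error: err.message };
    }
  });
}

console.log(checkBodies(sampleBodies));
```

A guard like this is defence in depth for input handling; it does not replace upgrading to a fixed version.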
Packages
Name: mongoose (npm)
Affected versions: >= 3.5.5, <= 3.8.38
Fixed version: 3.8.39

Name: mongoose (npm)
Affected versions: >= 4.0.0, <= 4.3.5
Fixed version: 4.3.6
CVSS3: 5.1 Medium
Weaknesses: CWE-201