GHSA-v6cj-r88p-92rm

Опубликовано: 30 сент. 2019

Источник: github

Github: Прошло ревью

CVSS3: 7.3

Описание

Buffer Overflow in centra

Denial of Service

Impact

Affected Centra versions will, when not in stream mode, buffer responses to requests into memory with no size limit. This issue affects anyone requesting content from untrusted sources.

Patches

Version 2.4.0 resolves the issue by limiting the size of buffered response body.

Workarounds

Attempting workarounds isn't recommended. Updating is preferred.

For more information

If you have any questions or comments about this advisory, open an issue in ethanent/centra.

Ссылки

https://github.com/ethanent/centra/security/advisories/GHSA-v6cj-r88p-92rm
https://github.com/advisories/GHSA-v6cj-r88p-92rm
https://snyk.io/vuln/SNYK-JS-CENTRA-536073

Пакеты

Наименование

centra

npm

Затронутые версииВерсия исправления

< 2.4.0

2.4.0

7.3 High

CVSS3

Дефекты

CWE-119

7.3 High

CVSS3

Дефекты

CWE-119