GHSA-v6gv-fg46-h89j

Опубликовано: 03 сент. 2020

Источник: github

Github: Прошло ревью

Описание

Sensitive Data Exposure in put

All versions of put are vulnerable to Uninitialized Memory Exposure. The package incorrectly calculates the allocated Buffer size and does not trim the bytes written, which may allow attackers to access uninitialized memory containing sensitive data. This vulnerability only affects versions of Node.js <=6.x.

Recommendation

Upgrade your Node.js version or consider using an alternative package.

Ссылки

https://hackerone.com/reports/321702
https://www.npmjs.com/advisories/1007

Пакеты

Наименование

put

npm

Затронутые версииВерсия исправления

Отсутствует

Дефекты

CWE-200

Дефекты

CWE-200