Closed
Labels: security vulnerability (Security vulnerability detected by WhiteSource)
Description
WS-2016-0059 - Medium Severity Vulnerability
Vulnerable Library - bl-0.9.4.tgz
Buffer List: collect buffers and access with a standard readable Buffer interface, streamable too!
path: /tmp/git/http2-presentation-slides/node_modules/grunt-contrib-qunit/node_modules/grunt-lib-phantomjs/node_modules/phantomjs/node_modules/request/node_modules/bl/package.json
Library home page: http://registry.npmjs.org/bl/-/bl-0.9.4.tgz
Dependency Hierarchy:
- grunt-contrib-qunit-0.5.2.tgz (Root Library)
  - grunt-lib-phantomjs-0.6.0.tgz
    - phantomjs-1.9.17.tgz
      - request-2.42.0.tgz
        - ❌ bl-0.9.4.tgz (Vulnerable Library)
Vulnerability Details
Memory disclosure vulnerability in Bl before 0.9.5 and 1.0.0 allows concatenation of uninitialized memory to the buffer collection when a value of type number is provided to the append() method.
Publish Date: 2016-09-18
URL: WS-2016-0059