WS-2018-0074 Medium Severity Vulnerability detected by WhiteSource #288
Description
WS-2018-0074 - Medium Severity Vulnerability
Vulnerable Library - bl-0.9.4.tgz
Buffer List: collect buffers and access with a standard readable Buffer interface, streamable too!
path: /tmp/git/http2-presentation-slides/node_modules/grunt-contrib-qunit/node_modules/grunt-lib-phantomjs/node_modules/phantomjs/node_modules/request/node_modules/bl/package.json
Library home page: http://registry.npmjs.org/bl/-/bl-0.9.4.tgz
Dependency Hierarchy:
- grunt-contrib-qunit-0.5.2.tgz (Root Library)
- grunt-lib-phantomjs-0.6.0.tgz
- phantomjs-1.9.17.tgz
- request-2.42.0.tgz
- ❌ bl-0.9.4.tgz (Vulnerable Library)
- request-2.42.0.tgz
- phantomjs-1.9.17.tgz
- grunt-lib-phantomjs-0.6.0.tgz
Vulnerability Details
Versions of bl before 0.9.5 and 1.0.1 are vulnerable to memory exposure.
bl.append(number) in the affected bl versions passes a number to Buffer constructor, appending a chunk of uninitialized memory
Publish Date: 2018-04-25
URL: WS-2018-0074
CVSS 2 Score Details (5.0)
Base Score Metrics not available
Step up your Open Source Security Game with WhiteSource here