WS-2016-0059 Medium Severity Vulnerability detected by WhiteSource #62

mend-bolt-for-github · 2019-02-05T09:46:50Z

WS-2016-0059 - Medium Severity Vulnerability

Vulnerable Library - bl-0.9.4.tgz

Buffer List: collect buffers and access with a standard readable Buffer interface, streamable too!

path: /tmp/git/http2-presentation-slides/node_modules/grunt-contrib-qunit/node_modules/grunt-lib-phantomjs/node_modules/phantomjs/node_modules/request/node_modules/bl/package.json

Library home page: http://registry.npmjs.org/bl/-/bl-0.9.4.tgz

Dependency Hierarchy:

grunt-contrib-qunit-0.5.2.tgz (Root Library)
- grunt-lib-phantomjs-0.6.0.tgz
  - phantomjs-1.9.17.tgz
    - request-2.42.0.tgz
      - ❌ bl-0.9.4.tgz (Vulnerable Library)

Vulnerability Details

Memory disclosure vulnerability in Bl before 0.9.5 and 1.0.0 allows concatination of uninitialized memory to the buffer collection when a value of type number is provided to the append() method.

Publish Date: 2016-09-18

URL: WS-2016-0059

CVSS 2 Score Details (5.6)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Feb 5, 2019

derberg closed this as completed Feb 6, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2016-0059 Medium Severity Vulnerability detected by WhiteSource #62

WS-2016-0059 Medium Severity Vulnerability detected by WhiteSource #62

mend-bolt-for-github bot commented Feb 5, 2019

WS-2016-0059 Medium Severity Vulnerability detected by WhiteSource #62

WS-2016-0059 Medium Severity Vulnerability detected by WhiteSource #62

Comments

mend-bolt-for-github bot commented Feb 5, 2019

WS-2016-0059 - Medium Severity Vulnerability