Security fix needed - next test/fix-update #25

DawnmarieDesJardins · 2019-07-01T22:30:26Z

Potential security vulnerability received. Please review and correct at next test/fix-update:

1 stringstream vulnerability found in …/cli/package-lock.json 11 days ago
Remediation
Upgrade stringstream to version 0.0.6 or later. For example:
"dependencies": {
"stringstream": ">=0.0.6"
}
or…
"devDependencies": {
"stringstream": ">=0.0.6"
}
Always verify the validity and compatibility of suggestions with your codebase.

Details
WS-2018-0103
More information
moderate severity
Vulnerable versions: < 0.0.6
Patched version: 0.0.6
stringstream versions before 0.0.6 are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below.

DawnmarieDesJardins · 2019-11-01T20:45:13Z

Closing as addressed in PR #32

DawnmarieDesJardins added the enhancement New feature or request label Jul 1, 2019

DawnmarieDesJardins mentioned this issue Aug 15, 2019

September 2019 - Content update #29

Closed

codingbandit mentioned this issue Oct 2, 2019

Feature/september 2019 update #32

Merged

DawnmarieDesJardins closed this as completed Nov 1, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security fix needed - next test/fix-update #25

Security fix needed - next test/fix-update #25

DawnmarieDesJardins commented Jul 1, 2019

DawnmarieDesJardins commented Nov 1, 2019

Security fix needed - next test/fix-update #25

Security fix needed - next test/fix-update #25

Comments

DawnmarieDesJardins commented Jul 1, 2019

DawnmarieDesJardins commented Nov 1, 2019