You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Memory disclosure vulnerability in Bl before 0.9.5 and 1.0.0 allows concatination of uninitialized memory to the buffer collection when a value of type number is provided to the append() method.
WS-2016-0059 - Medium Severity Vulnerability
Vulnerable Libraries - bl-0.9.3.tgz, bl-0.9.4.tgz
bl-0.9.3.tgz
Buffer List: collect buffers and access with a standard readable Buffer interface, streamable too!
path: /tmp/git/library/node_modules/ember-cli/node_modules/npm/node_modules/request/node_modules/bl/package.json
Library home page: http://registry.npmjs.org/bl/-/bl-0.9.3.tgz
Dependency Hierarchy:
bl-0.9.4.tgz
Buffer List: collect buffers and access with a standard readable Buffer interface, streamable too!
path: /tmp/git/library/node_modules/ember-cli/node_modules/bower/node_modules/tar-fs/node_modules/tar-stream/node_modules/bl/package.json
Library home page: http://registry.npmjs.org/bl/-/bl-0.9.4.tgz
Dependency Hierarchy:
Vulnerability Details
Memory disclosure vulnerability in Bl before 0.9.5 and 1.0.0 allows concatination of uninitialized memory to the buffer collection when a value of type number is provided to the append() method.
Publish Date: 2016-09-18
URL: WS-2016-0059
CVSS 2 Score Details (5.6)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: rvagg/bl#22
Release Date: 2017-01-31
Fix Resolution: 0.9.5,1.0.1
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: