WS-2018-0103 Medium Severity Vulnerability detected by WhiteSource #13

mend-bolt-for-github · 2018-12-11T19:50:24Z

WS-2018-0103 - Medium Severity Vulnerability

Vulnerable Library - stringstream-0.0.5.tgz

Encode and decode streams into string streams

path: /tmp/git/Hardware-con-Nodejs/node_modules/serialport/node_modules/node-pre-gyp/node_modules/request/node_modules/stringstream/package.json

Library home page: http://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz

Dependency Hierarchy:

serialport-4.0.7.tgz (Root Library)
- node-pre-gyp-0.6.32.tgz
  - request-2.79.0.tgz
    - ❌ stringstream-0.0.5.tgz (Vulnerable Library)

Vulnerability Details

All versions of stringstream are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below.

Publish Date: 2018-05-16

URL: WS-2018-0103

CVSS 2 Score Details (5.2)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Dec 11, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

WS-2018-0103 Medium Severity Vulnerability detected by WhiteSource #13

WS-2018-0103 Medium Severity Vulnerability detected by WhiteSource #13

mend-bolt-for-github bot commented Dec 11, 2018

WS-2018-0103 Medium Severity Vulnerability detected by WhiteSource #13

WS-2018-0103 Medium Severity Vulnerability detected by WhiteSource #13

Comments

mend-bolt-for-github bot commented Dec 11, 2018

WS-2018-0103 - Medium Severity Vulnerability