WS-2018-0103 Medium Severity Vulnerability detected by WhiteSource #4

mend-bolt-for-github · 2018-12-07T12:43:58Z

WS-2018-0103 - Medium Severity Vulnerability

Vulnerable Library - stringstream-0.0.5.tgz

Encode and decode streams into string streams

path: /tmp/git/listo-firebase/firebase/functions/node_modules/stringstream/package.json

Library home page: http://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz

Dependency Hierarchy:

datastore-1.3.4.tgz (Root Library)
- common-0.16.1.tgz
  - request-2.83.0.tgz
    - ❌ stringstream-0.0.5.tgz (Vulnerable Library)

Vulnerability Details

All versions of stringstream are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below.

Publish Date: 2018-05-16

URL: WS-2018-0103

CVSS 2 Score Details (5.2)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Dec 7, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2018-0103 Medium Severity Vulnerability detected by WhiteSource #4

WS-2018-0103 Medium Severity Vulnerability detected by WhiteSource #4

mend-bolt-for-github bot commented Dec 7, 2018

WS-2018-0103 Medium Severity Vulnerability detected by WhiteSource #4

WS-2018-0103 Medium Severity Vulnerability detected by WhiteSource #4

Comments

mend-bolt-for-github bot commented Dec 7, 2018

WS-2018-0103 - Medium Severity Vulnerability