WS-2018-0236 (Medium) detected in mem-1.1.0.tgz #66

mend-for-github-com · 2019-07-12T15:10:30Z

WS-2018-0236 - Medium Severity Vulnerability

Vulnerable Library - mem-1.1.0.tgz

Memoize functions - An optimization used to speed up consecutive function calls by caching the result of calls with identical input

Library home page: https://registry.npmjs.org/mem/-/mem-1.1.0.tgz

Path to dependency file: /blackrock/OpenReferral-DataGuardUI/package.json

Path to vulnerable library: /tmp/git/blackrock/OpenReferral-DataGuardUI/node_modules/mem/package.json

Dependency Hierarchy:

cli-1.3.0.tgz (Root Library)
- webpack-3.4.1.tgz
  - yargs-8.0.2.tgz
    - os-locale-2.1.0.tgz
      - ❌ mem-1.1.0.tgz (Vulnerable Library)

Found in HEAD commit: 61f547a1282dec4e895d18c2888e62c2d68b9198

Vulnerability Details

In nodejs-mem before version 4.0.0 there is a memory leak due to old results not being removed from the cache despite reaching maxAge. Exploitation of this can lead to exhaustion of memory and subsequent denial of service.

Publish Date: 2019-05-30

URL: WS-2018-0236

CVSS 2 Score Details (5.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1623744

Release Date: 2019-05-30

Fix Resolution: 4.0.0

mend-for-github-com bot added the security vulnerability Security vulnerability detected by WhiteSource label Jul 12, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2018-0236 (Medium) detected in mem-1.1.0.tgz #66

WS-2018-0236 (Medium) detected in mem-1.1.0.tgz #66

mend-for-github-com bot commented Jul 12, 2019

WS-2018-0236 (Medium) detected in mem-1.1.0.tgz #66

WS-2018-0236 (Medium) detected in mem-1.1.0.tgz #66

Comments

mend-for-github-com bot commented Jul 12, 2019

WS-2018-0236 - Medium Severity Vulnerability