Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Sensitive Data Exposure in put
All versions of put are vulnerable to Uninitialized Memory Exposure. The package incorrectly calculates the allocated Buffer size and does not trim the bytes written, which may allow attackers to access uninitialized memory containing sensitive data. This vulnerability only affects versions of Node.js <=6.x.
Recommendation
Upgrade your Node.js version or consider using an alternative package.
Permalink: https://github.com/advisories/GHSA-v6gv-fg46-h89j
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2Z3YtZmc0Ni1oODlq
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 3 years ago
Updated: over 1 year ago
Identifiers: GHSA-v6gv-fg46-h89j
References:
- https://hackerone.com/reports/321702
- https://www.npmjs.com/advisories/1007
- https://github.com/advisories/GHSA-v6gv-fg46-h89j
Affected Packages
npm:put
Dependent packages: 58
Dependent repositories: 539
Downloads: 36,643 last month
Affected Version Ranges: >= 0
No known fixed version
All affected versions: 0.0.1, 0.0.3, 0.0.4, 0.0.5, 0.0.6