WS-2018-0103 (Medium) detected in stringstream-0.0.5.tgz #24

mend-bolt-for-github · 2019-06-06T16:50:37Z

WS-2018-0103 - Medium Severity Vulnerability

Vulnerable Library - stringstream-0.0.5.tgz

Encode and decode streams into string streams

Library home page: https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz

Dependency Hierarchy:

webpack-2.7.0.tgz (Root Library)
- watchpack-1.4.0.tgz
  - chokidar-1.7.0.tgz
    - fsevents-1.1.2.tgz
      - node-pre-gyp-0.6.36.tgz
        
        request-2.81.0.tgz
        
        ❌ stringstream-0.0.5.tgz (Vulnerable Library)

Found in HEAD commit: 401f73579c289637e10b6a10cb44727b52b03e1b

Vulnerability Details

All versions of stringstream are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below.

Publish Date: 2018-05-16

URL: WS-2018-0103

CVSS 2 Score Details (5.2)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/664/versions

Release Date: 2019-06-05

Fix Resolution: 0.0.6,1.0.0

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Jun 6, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2018-0103 (Medium) detected in stringstream-0.0.5.tgz #24

WS-2018-0103 (Medium) detected in stringstream-0.0.5.tgz #24

mend-bolt-for-github bot commented Jun 6, 2019

WS-2018-0103 (Medium) detected in stringstream-0.0.5.tgz #24

WS-2018-0103 (Medium) detected in stringstream-0.0.5.tgz #24

Comments

mend-bolt-for-github bot commented Jun 6, 2019

WS-2018-0103 - Medium Severity Vulnerability