WS-2018-0103 Medium Severity Vulnerability detected by WhiteSource #13
Description
WS-2018-0103 - Medium Severity Vulnerability
Vulnerable Library - stringstream-0.0.5.tgz
Encode and decode streams into string streams
path: /tmp/git/Hardware-con-Nodejs/node_modules/serialport/node_modules/node-pre-gyp/node_modules/request/node_modules/stringstream/package.json
Library home page: http://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz
Dependency Hierarchy:
- serialport-4.0.7.tgz (Root Library)
- node-pre-gyp-0.6.32.tgz
- request-2.79.0.tgz
- ❌ stringstream-0.0.5.tgz (Vulnerable Library)
- request-2.79.0.tgz
- node-pre-gyp-0.6.32.tgz
Vulnerability Details
All versions of stringstream are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below.
Publish Date: 2018-05-16
URL: WS-2018-0103
CVSS 2 Score Details (5.2)
Base Score Metrics not available
Step up your Open Source Security Game with WhiteSource here