The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
Vulnerable Package issue exists @ Npm-request-2.67.0 in branch master
Request is an http client. If a request is made using multipart, and the body type is a number, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >=2.49.0 <=2.67.0.
Vulnerable Package issue exists @ Npm-request-2.67.0 in branch master
Request is an http client. If a request is made using
multipart, and the body type is anumber, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >=2.49.0 <=2.67.0.Namespace: RobertMickleCx Repository: NodeGoat Repository Url: https://github.com/RobertMickleCx/NodeGoat CxAST-Project: RobertMickleCx/NodeGoat CxAST platform scan: e7941f4d-fb14-4e6e-9cdc-c12dbbe3cdc7 Branch: master Application: NodeGoat Severity: MEDIUM State: NOT_IGNORED Status: RECURRENT CWE: CWE-20
Additional Info Attack vector: NETWORK Attack complexity: HIGH Confidentiality impact: HIGH Availability impact: NONE
References Commit Advisory Advisory Issue Pull request