There is a potential remote memory exposure vulnerability in request from version 2.2.5 before version 2.68.0. If the node process makes a request with a multipart attachment, and the type of the body option is a Number, then that many bytes of uninitialized memory will be sent in the body of the request.
WS-2016-0025 - Medium Severity Vulnerability
Simplified HTTP request client.
path: /tmp/git/photo-contest/node_modules/pangyp/node_modules/request/package.json
Library home page: http://registry.npmjs.org/request/-/request-2.51.0.tgz
Dependency Hierarchy: - gulp-sass-1.3.3.tgz (Root Library) - node-sass-2.1.1.tgz - pangyp-2.3.3.tgz - :x: **request-2.51.0.tgz** (Vulnerable Library)There is a potential remote memory exposure vulnerability in request from version 2.2.5 before version 2.68.0. If the node process makes a request with a multipart attachment, and the type of the body option is a Number, then that many bytes of uninitialized memory will be sent in the body of the request.
Publish Date: 2016-03-22
URL: WS-2016-0025
Base Score Metrics not available
Step up your Open Source Security Game with WhiteSource here