Open mend-bolt-for-github[bot] opened 1 year ago
Node.js JavaScript runtime :sparkles::turtle::rocket::sparkles:
Library home page: https://github.com/nodejs/node.git
Found in HEAD commit: b31d728670f7b1cea140b9a346bf71d1a9771fb2
Found in base branch: clean_branch
/functions/node_modules/grpc/deps/grpc/third_party/zlib/trees.c /node_modules/@firebase/firestore/node_modules/grpc/deps/grpc/third_party/zlib/deflate.c /node_modules/@firebase/firestore/node_modules/grpc/deps/grpc/third_party/zlib/deflate.h
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Publish Date: 2022-03-25
URL: CVE-2018-25032
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
Type: Upgrade version
Release Date: 2022-03-25
Fix Resolution: v1.2.12
Step up your Open Source Security Game with Mend here
CVE-2018-25032 - High Severity Vulnerability
Vulnerable Library - nodev7.7.1
Node.js JavaScript runtime :sparkles::turtle::rocket::sparkles:
Library home page: https://github.com/nodejs/node.git
Found in HEAD commit: b31d728670f7b1cea140b9a346bf71d1a9771fb2
Found in base branch: clean_branch
Vulnerable Source Files (3)
/functions/node_modules/grpc/deps/grpc/third_party/zlib/trees.c /node_modules/@firebase/firestore/node_modules/grpc/deps/grpc/third_party/zlib/deflate.c /node_modules/@firebase/firestore/node_modules/grpc/deps/grpc/third_party/zlib/deflate.h
Vulnerability Details
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Publish Date: 2022-03-25
URL: CVE-2018-25032
CVSS 3 Score Details (7.5)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Release Date: 2022-03-25
Fix Resolution: v1.2.12
Step up your Open Source Security Game with Mend here