impactmass / cordova-rave

A Cordova extension to add Rave Pay Button into your hybrid app builds
MIT License
8 stars 7 forks

Snyk report - Uninitialized Memory Exposure #29

Open impactmass opened 6 years ago

impactmass commented 6 years ago

Vulnerable module: utile

Introduced through: prompt@1.0.0

Detailed paths and remediation

Introduced through: cordova-rave@0.0.0-development › prompt@1.0.0 › utile@0.3.0
Remediation: No remediation path available.

Overview

utile is a drop-in replacement for util with some additional advantageous functions.

Affected versions of this package are vulnerable to Uninitialized Memory Exposure. A malicious user could extract sensitive data from uninitialized memory or cause a DoS by passing in a large number, in setups where typed user input can be passed.

Note: Uninitialized Memory Exposure impacts only Node.js 6.x or lower; Denial of Service impacts any Node.js version.
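The typed-input condition in the report above, shown as an added example that is not part of the original issue and is not utile's source code: a JSON body can deliver a number where a string is expected, and a helper that hands it straight to the `Buffer` constructor allocates that many bytes. The function names, the `data` field and `MAX_INPUT_CHARS` are assumptions made for illustration.

```javascript
// Added example: assumed names throughout, not code from utile or cordova-rave.
const MAX_INPUT_CHARS = 64 * 1024; // assumed size cap for this sketch

// Legacy pattern (assumed shape): the argument reaches the Buffer
// constructor without a type check. A number is treated as a size:
// Node.js <= 6.x returned that many uninitialized bytes; later versions
// zero-fill, but a large number still forces a large allocation.
function legacyBase64Encode(value) {
  return new Buffer(value || '').toString('base64'); // deprecated API
}

// Hardened form: accept strings only, cap the size, and use Buffer.from,
// which never interprets its argument as an allocation size.
function safeBase64Encode(value) {
  if (typeof value !== 'string') {
    throw new TypeError('expected a string, got ' + typeof value);
  }
  if (value.length > MAX_INPUT_CHARS) {
    throw new RangeError('input exceeds ' + MAX_INPUT_CHARS + ' characters');
  }
  return Buffer.from(value, 'utf8').toString('base64');
}

// Constructed request handler: JSON.parse preserves the sender's types,
// so {"data": 8} arrives as the number 8, not the string "8".
function handleRequest(jsonBody, encode) {
  const { data } = JSON.parse(jsonBody);
  try {
    return { ok: true, encoded: encode(data) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed sample bodies.
console.log(handleRequest('{"data":"hello"}', safeBase64Encode));
console.log(handleRequest('{"data":8}', safeBase64Encode));
```
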

impactmass commented 6 years ago

Fixed in latest release 1.2.2

impactmass commented 6 years ago

Snyk still reports this in latest release