Open mend-bolt-for-github[bot] opened 5 years ago
Encode and decode streams into string streams
Library home page: https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz
Path to dependency file: /Turismo-Torrevieja/package.json
Path to vulnerable library: /tmp/git/Turismo-Torrevieja/node_modules/stringstream/package.json
Dependency Hierarchy: - cli-1.6.1.tgz (Root Library) - less-2.7.3.tgz - request-2.81.0.tgz - :x: **stringstream-0.0.5.tgz** (Vulnerable Library)
Found in HEAD commit: 5fe809a2e7cf19f24da932e71d58c622ec363c70
All versions of stringstream are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below.
Publish Date: 2018-05-16
URL: WS-2018-0103
Base Score Metrics not available
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/664/versions
Release Date: 2019-06-05
Fix Resolution: 0.0.6,1.0.0
Step up your Open Source Security Game with WhiteSource here
WS-2018-0103 - Medium Severity Vulnerability
Encode and decode streams into string streams
Library home page: https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz
Path to dependency file: /Turismo-Torrevieja/package.json
Path to vulnerable library: /tmp/git/Turismo-Torrevieja/node_modules/stringstream/package.json
Dependency Hierarchy: - cli-1.6.1.tgz (Root Library) - less-2.7.3.tgz - request-2.81.0.tgz - :x: **stringstream-0.0.5.tgz** (Vulnerable Library)
Found in HEAD commit: 5fe809a2e7cf19f24da932e71d58c622ec363c70
All versions of stringstream are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below.
Publish Date: 2018-05-16
URL: WS-2018-0103
Base Score Metrics not available
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/664/versions
Release Date: 2019-06-05
Fix Resolution: 0.0.6,1.0.0
Step up your Open Source Security Game with WhiteSource here