search

udsm-dhis2-lab / moh-sra-app

MOH mobile APP(Star Rating Assessment APP) to measure the performance of various healthcare facilities aimed at improving healthcare in Tanzania
GNU Lesser General Public License v3.0
0 stars 0 forks source link

WS-2018-0236 (Medium) detected in mem-1.1.0.tgz #17

Open mend-bolt-for-github[bot] opened 4 years ago

mend-bolt-for-github[bot] commented 4 years ago

WS-2018-0236 - Medium Severity Vulnerability

Vulnerable Library - mem-1.1.0.tgz

Memoize functions - An optimization used to speed up consecutive function calls by caching the result of calls with identical input

Library home page: https://registry.npmjs.org/mem/-/mem-1.1.0.tgz

Path to dependency file: /tmp/ws-scm/moh-sra-app/package.json

Path to vulnerable library: /tmp/ws-scm/moh-sra-app/node_modules/mem/package.json

Dependency Hierarchy: - app-scripts-3.1.11.tgz (Root Library) - webpack-3.8.1.tgz - yargs-8.0.2.tgz - os-locale-2.1.0.tgz - :x: **mem-1.1.0.tgz** (Vulnerable Library)

Found in HEAD commit: 0ba2b38287afb21355ca6e883f8e2b702656a2dd

Vulnerability Details

In nodejs-mem before version 4.0.0 there is a memory leak due to old results not being removed from the cache despite reaching maxAge. Exploitation of this can lead to exhaustion of memory and subsequent denial of service.

Publish Date: 2019-05-30

URL: WS-2018-0236

CVSS 2 Score Details (5.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1623744

Release Date: 2019-05-30

Fix Resolution: 4.0.0

Step up your Open Source Security Game with WhiteSource here

issue-label-bot[bot] commented 4 years ago

Issue-Label Bot is automatically applying the label bug to this issue, with a confidence of 0.96. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback!

Links: app homepage, dashboard and code for this bot.