5 matches found
forwardho (>=0.0.4 <=0.0.7) potentially affected by unknown CVE via floody (=0.0.1)
floody NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on floody and may be impacted: forwardho =0.0.4, =0.0.7. Source CVEs: unknown CVE. Source advisory: OSV:GHSA-3P92-886G-QXPQ...
Remote Memory Exposure in floody
Versions of floody before 0.1.1 are vulnerable to remote memory exposure. .write(number) in the affected floody versions passes a number to the Buffer constructor, appending a chunk of uninitialized memory. Proof of Concept: var f = require('floody')(process.stdout); f.write(USERSUPPLIEDINPUT); f.stop();...
GHSA-3P92-886G-QXPQ Remote Memory Exposure in floody
Versions of floody before 0.1.1 are vulnerable to remote memory exposure. .write(number) in the affected floody versions passes a number to the Buffer constructor, appending a chunk of uninitialized memory. Proof of Concept: var f = require('floody')(process.stdout); f.write(USERSUPPLIEDINPUT); f.stop();...
Remote Memory Exposure
Overview: Versions of floody before 0.1.1 are vulnerable to remote memory exposure. .write(number) in the affected floody versions passes a number to the Buffer constructor, appending a chunk of uninitialized memory. Proof of Concept: var f = require('floody')(process.stdout); f.write(USERSUPPLIEDINPUT);...
Information Disclosure
floody is vulnerable to information disclosure. Attackers can obtain uninitialized memory when a number value is given to the write method. Uninitialized memory is concatenated to the buffer collection and, if exposed, may contain confidential information...