5 matches found
GHSA-MF6X-7MM4-X2G7 Out-of-bounds Read in stringstream
All versions of stringstream are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below. Recommendation No fix is currently available for this vulnerability. It is our recommendation to not install or use this module i...
GHSA-57CF-349J-352G Out-of-bounds Read in npmconf
Versions of npmconf before 2.1.3 allocate and write to disk uninitialized memory contents when a typed number is passed as input on Node.js 4.x. Recommendation Update to version 2.1.3 or later. Consider switching to another config storage mechanism, as npmconf is deprecated and should not be used...
CVE-2018-3745
atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below...
ALPINE-CVE-2018-7158
The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service ReDoS vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, splitPathRe, used within the...
PT-2018-17919 · Node.Js +2 · Node.Js +2
Name of the Vulnerable Software and Affected Versions: Node.js versions 4.x Description: The issue concerns a potential regular expression denial of service ReDoS vector in the 'path' module. This module is used for various path parsing functions, including path.dirname, path.extname, and...