8 matches found
@aabenoja/karma-phantomjs-launcher (=0.2.1), @aabenoja/phantomjs (=2.0.0) +460 more potentially affected by unknown CVE via npmconf (>=0.0.19 <=2.1.2)
npmconf NPM version =0.0.19, =0.1.28, =1.2.6, =2.7.2, =4.5.201902251314, =1.5.0, =5.0.201901071713, =5.0.201812141540, =1.0.1-server20190117165116, =1.0.201901260938, =1.0.3, =2.19.0, =2.19.3 - @jrossi/phantomjs2 =2.0.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-57CF-349J-352G...
Out-of-bounds Read in npmconf
Versions of npmconf before 2.1.3 allocate and write to disk uninitialized memory contents when a typed number is passed as input on Node.js 4.x. Recommendation: Update to version 2.1.3 or later. Consider switching to another config storage mechanism, as npmconf is deprecated and should not be used...
Out-of-bounds Read
Overview: Versions of npmconf before 2.1.3 allocate and write to disk uninitialized memory contents when a typed number is passed as input on Node.js 4.x. Recommendation: Update to version 2.1.3 or later. Consider switching to another config storage mechanism, as npmconf is deprecated and should no...
Uninitialized Memory
npmconf is vulnerable to uninitialized memory. The library contains an uninitialized memory allocation when passing a large number as the password property of config.setCredentialsByURI, which can allow a malicious user to gain access to sensitive information or crash the application...
Node.js third-party modules: `npmconf` (and `npm` js api) allocate and write to disk uninitialized memory content when a typed number is passed as input on Node.js 4.x
I would like to report a Buffer allocation issue in npmconf and npm package js api. It allows extracting sensitive content from uninitialized memory by passing typed input to setCredentialsByURI, limited to Node.js 4.x and below. Module module name: npmconf version: 2.1.2 npm page:...
Fedora Update for nodejs-npmconf FEDORA-2013-11780
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for nodejs-npmconf FEDORA-2013-11780
Check for the Version of nodejs-npmconf OpenVAS Vulnerability Test Fedora Update for nodejs-npmconf FEDORA-2013-11780 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...
[SECURITY] Fedora 18 Update: nodejs-npmconf-0.1.1-1.fc18
If you are interested in interacting with the config settings that npm uses, then use this module. However, if you are writing a new Node.js program, and want configuration functionality similar to what npm has, but for your own thing, then the author recommends rc. This module is for compatibili...