Snyk report - Uninitialized Memory Exposure #29

impactmass · 2018-08-16T13:23:29Z

Vulnerable module: utile

Introduced through: prompt@1.0.0
Detailed paths and remediation
Introduced through:

cordova-rave@0.0.0-development › prompt@1.0.0 › utile@0.3.0
Remediation: No remediation path available.

Overview
utile is a drop-in replacement for util with some additional advantageous functions.

Affected versions of this package are vulnerable to Uninitialized Memory Exposure. A malicious user could extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in setups where typed user input can be passed.

Note Uninitialized Memory Exposure impacts only Node.js 6.x or lower, Denial of Service impacts any Node.js version.

The text was updated successfully, but these errors were encountered:

impactmass · 2018-10-14T20:56:22Z

Fixed in latest release 1.2.2

impactmass · 2018-10-17T12:37:37Z

Snyk still reports this in latest release

impactmass closed this as completed Oct 14, 2018

impactmass reopened this Oct 17, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Snyk report - Uninitialized Memory Exposure #29

Snyk report - Uninitialized Memory Exposure #29

impactmass commented Aug 16, 2018 •

edited

Loading

impactmass commented Oct 14, 2018

impactmass commented Oct 17, 2018

Snyk report - Uninitialized Memory Exposure #29

Snyk report - Uninitialized Memory Exposure #29

Comments

impactmass commented Aug 16, 2018 • edited Loading

Vulnerable module: utile

impactmass commented Oct 14, 2018

impactmass commented Oct 17, 2018

impactmass commented Aug 16, 2018 •

edited

Loading