GHSA-v6gv-fg46-h89j – put
Package
Manager: npm
Name: put
Vulnerable Version: >=0 <=0.0.6
Severity
Level: Low
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: N/A (percentile: N/A)
Details
Sensitive Data Exposure in put

All versions of `put` are vulnerable to Uninitialized Memory Exposure. The package incorrectly calculates the allocated Buffer size and does not trim the bytes written, which may allow attackers to access uninitialized memory containing sensitive data. This vulnerability only affects versions of Node.js <=6.x.

## Recommendation

Upgrade your Node.js version or consider using an alternative package.
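The bug class described in the details above (an oversized allocation returned without trimming to the bytes written), shown beside a hardened form. This is an added example, not code from `put`; the record format and function names are hypothetical, and `Buffer.allocUnsafe` stands in for the non-zero-filled `new Buffer(size)` of Node.js <=6.x.

```javascript
// Added illustration of the bug class; not code from the `put` package.
// Hypothetical record format: 1-byte length prefix, then the ASCII name.

function encodeUnsafe(name) {
  if (name.length > 255) throw new RangeError('name too long');
  // Defect 1: the size is over-estimated (2 bytes per character).
  // allocUnsafe returns memory that is NOT zero-filled, as `new Buffer(n)`
  // did on Node.js <= 6.x (assumption: used here as a stand-in).
  const buf = Buffer.allocUnsafe(1 + name.length * 2);
  buf.writeUInt8(name.length, 0);
  buf.write(name, 1, 'ascii');
  // Defect 2: the whole allocation is returned, so the unwritten tail
  // (stale heap contents) travels with the record.
  return buf;
}

function encodeSafe(name) {
  const nameBytes = Buffer.byteLength(name, 'ascii');
  if (nameBytes > 255) throw new RangeError('name too long');
  // Exact size, zero-filled allocation.
  const buf = Buffer.alloc(1 + nameBytes);
  buf.writeUInt8(nameBytes, 0);
  const written = 1 + buf.write(name, 1, 'ascii');
  // Trim to the bytes actually written before the buffer leaves the function.
  return buf.subarray(0, written);
}

// Check usable in a unit test: how many bytes lie beyond the declared record?
function unwrittenTail(record) {
  const declared = 1 + record.readUInt8(0);
  return record.length - declared;
}

const sample = 'admin'; // constructed sample input
console.log('unsafe:', encodeUnsafe(sample).length, 'bytes,',
  unwrittenTail(encodeUnsafe(sample)), 'uninitialized');
console.log('safe:  ', encodeSafe(sample).length, 'bytes,',
  unwrittenTail(encodeSafe(sample)), 'uninitialized');
```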
Metadata
Created: 2020-09-03T16:48:36Z
Modified: 2020-08-31T18:43:51Z
Source: MANUAL
CWE IDs: ["CWE-200"]
Alternative ID: N/A
Finding: F017
Auto approve: 1