You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Memory disclosure vulnerability in Bl before 0.9.5 and 1.0.0 allows concatination of uninitialized memory to the buffer collection when a value of type number is provided to the append() method.
mend-bolt-for-githubbot
changed the title
WS-2016-0059 (Medium) detected in bl-0.8.2.tgz
WS-2016-0059 (Medium) detected in bl-0.8.2.tgz - autoclosed
Apr 28, 2022
✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.
WS-2016-0059 - Medium Severity Vulnerability
Vulnerable Library - bl-0.8.2.tgz
Buffer List: collect buffers and access with a standard readable Buffer interface, streamable too!
Library home page: https://registry.npmjs.org/bl/-/bl-0.8.2.tgz
Path to dependency file: /ionic-angular-twitter-pwa/package.json
Path to vulnerable library: /ionic-angular-twitter-pwa/node_modules/bl/package.json
Dependency Hierarchy:
Found in HEAD commit: 64dde89c50c07496423c4d4a865f2e16b92399ad
Vulnerability Details
Memory disclosure vulnerability in Bl before 0.9.5 and 1.0.0 allows concatination of uninitialized memory to the buffer collection when a value of type number is provided to the append() method.
Publish Date: 2016-01-19
URL: WS-2016-0059
CVSS 3 Score Details (5.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: rvagg/bl#22
Release Date: 2016-01-19
Fix Resolution: 0.9.5,1.0.1
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: