Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WS-2019-0307 (Medium) detected in mem-1.1.0.tgz #1153

Closed
mend-for-github-com bot opened this issue Jan 14, 2022 · 0 comments · Fixed by #1105
Closed

WS-2019-0307 (Medium) detected in mem-1.1.0.tgz #1153

mend-for-github-com bot opened this issue Jan 14, 2022 · 0 comments · Fixed by #1105
Labels
cve Security vulnerabilities detected by Dependabot or Mend medium severity Medium severity CVE Mend: dependency security vulnerability Security vulnerability detected by Mend v2.0.0

Comments

@mend-for-github-com
Copy link

WS-2019-0307 - Medium Severity Vulnerability

Vulnerable Library - mem-1.1.0.tgz

Memoize functions - An optimization used to speed up consecutive function calls by caching the result of calls with identical input

Library home page: https://registry.npmjs.org/mem/-/mem-1.1.0.tgz

Dependency Hierarchy:

  • @osd/ui-framework-1.0.0.tgz (Root Library)
    • yo-2.0.6.tgz
      • fullname-3.3.0.tgz
        • mem-1.1.0.tgz (Vulnerable Library)

Found in HEAD commit: ddb2cc42e9e43fdc2358fe14019ab9679e775671

Found in base branch: main

Vulnerability Details

In 'mem' before v4.0.0 there is a Denial of Service (DoS) vulnerability as a result of a failure in removal old values from the cache.

Publish Date: 2018-08-27

URL: WS-2019-0307

CVSS 3 Score Details (5.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/1084

Release Date: 2018-08-27

Fix Resolution: mem - 4.0.0

@mend-for-github-com mend-for-github-com bot added the Mend: dependency security vulnerability Security vulnerability detected by Mend label Jan 14, 2022
@tmarkley tmarkley added cve Security vulnerabilities detected by Dependabot or Mend medium severity Medium severity CVE labels Jan 14, 2022
@tmarkley tmarkley added the v2.0.0 label Feb 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cve Security vulnerabilities detected by Dependabot or Mend medium severity Medium severity CVE Mend: dependency security vulnerability Security vulnerability detected by Mend v2.0.0
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant