Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2018-0074
Good to know:
Date: January 27, 2018
bl before version 0.9.5 and version 1.0.1 are vulnerable to memory exposure. "bl.append(number)" in the affected bl versions passes a number to buffer constructor, appending a chunk of uninitialized memory
Language: Java
Severity Score
Related Resources (2)
Severity Score
Weakness Type (CWE)
Improper Initialization
CWE-665Top Fix
Upgrade Version
Upgrade to version Npm - no_fix;JetBrains.Rider.Frontend5 - 213.0.20211008.154703-eap03;JetBrains.Rider.Frontend5 - 203.0.20201001.140309-eap02;JetBrains.Rider.Frontend5 - 211.0.20210713.161611;JetBrains.Rider.Frontend5 - 211.0.20210316.154439-eap08;MIDIator.WebClient - 1.0.105;JetBrains.Rider.Frontend4 - 203.0.20201104.111557-eap06;JetBrains.Rider.Frontend4 - 211.0.20210130.101832-eap01;JetBrains.Rider.Frontend4 - 211.0.20210324.212621-eap09;Ncapsulate.Bower - no_fix;spiral/toolkit - v0.9.0;spiral/toolkit - v0.8.18;spiral/toolkit - v0.8.20;node-sass-bundle - no_fix;Npm3 - no_fix;Ncapsulate.Node.Shadow - no_fix;Ncapsulate.Node - no_fix;azure-cli - no_fix;yuan1994/wechat_web_devtools - 0.15.152901-core;yuan1994/wechat_web_devtools - 0.15.152901;yuan1994/wechat_web_devtools - dev-master;Bower - no_fix;neon-sys - 0.1.10;nodejs - 4.4.7;bl - 1.0.1;adrexia/silverstripe-gumby-theme - 2;NoGit - no_fix;zombie.js - 4.2.1.3;JetBrains.Rider.Frontend6 - no_fix;dreamfactory/df-api-docs-ui - 1.1.0;nanny-sys - no_fix;NodeBin - no_fix;Betclic.BuildTools.Node - no_fix;Npm.js - no_fix;org.webjars:npm:3.9.3
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | NONE |
| Availability (A): | LOW |