Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

WS-2018-0103

Good to know:

icon

Date: January 27, 2018

All versions of stringstream are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below.

Language: Java

Severity Score

Related Resources (2)

https://hackerone.com/reports/321670
https://www.mend.io/vulnerability-database/WS-2018-0103

Severity Score

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

Top Fix

icon

Upgrade Version

Upgrade to version lufangyu1217/demo - dev-develop;computerundsound/curserver - 2.2.0;computerundsound/curserver - no_fix;NodeBin - no_fix;yuan1994/wechat_web_devtools - 0.15.152901-core;deltasystems/dewdrop - dev-hotfix-check-href;seidemann-web/wave-theme - dev-WT-36/Sticky-Header-Fixes;seidemann-web/wave-theme - no_fix;seidemann-web/wave-theme - dev-fixUpLanguageConstants;stringstream - 0.0.6;NativeScript.Sidekick.Standalone.Shell - 1.10.0-v2018052401;Npm.js - no_fix;chrisbraybrooke/laravel-ecommerce - 0.0.2;chrisbraybrooke/laravel-ecommerce - 0.0.56;chrisbraybrooke/laravel-ecommerce - 0.0.17;chrisbraybrooke/laravel-ecommerce - dev-form-field-key;Bower - no_fix;jsdom - 11.11.0;mpcmf/mpcmf-web-app - 1.0.0.x-dev;mpcmf/mpcmf-web-app - no_fix;Raml.Parser - 2.0.0;Raml.Parser - 1.0.7;erdiko/user-admin - dev-ER-91;erdiko/user-admin - no_fix;nodejs - 8.12.0;nodejs - 10.4.1;neon-runtime - 0.1.21;Ncapsulate.Bower - no_fix;spiral/toolkit - v0.9.0;spiral/toolkit - v0.8.20;spiral/toolkit - v0.8.18;Yarn.MSBuild - 0.22.0;Yarn.MSBuild - 0.24.6;Sheelersoft.AngularTemplate - no_fix;limefamily/yii2-limetheme - 1.0.12;pwptemplatepusintek - no_fix;Ncapsulate.Node.Shadow - no_fix;dreamfactory/df-api-docs-ui - 1.1.0;lukesnowden/application-base - no_fix;oburatongoi/productivity - no_fix;oburatongoi/productivity - 0.0.13;oburatongoi/productivity - 0.0.1;node-sass-bundle - no_fix;Ncapsulate.Node - no_fix;tombeachell/forza-magento - no_fix;Npm3 - no_fix;Betclic.BuildTools.Node - no_fix;Yarnpkg.Yarn - 0.26.1;JetBrains.Rider.Frontend6 - no_fix;Npm - no_fix;JetBrains.Rider.Frontend5 - 213.0.20211008.154703-eap03;Tools.Npm - no_fix;Sheeler.AngularTemplate - no_fix;Fable.Template.Elmish.React - 0.1.6;MIDIator.WebClient - 1.0.105;adrexia/silverstripe-gumby-theme - 2;genenotebook - 0.1.7;sombrerodepaja/franky-skeleton-application - no_fix;ilhanet/erpnet-widget-resource - no_fix;nanny-sys - no_fix;AutoRest - no_fix;kayrules/solatjakim-api-site - dev-version-1.0;frankyframework/franky2 - no_fix;jquery - 3.4.0;neon-sys - 0.1.11;Npm-Shift - no_fix;Fable.Library.Template - no_fix;azure-cli - no_fix;svg2png - no_fix;zombie.js - no_fix;z3/t3build-node - 1.0.11;tikiwiki/diagram - v6.5.7;org.webjars:npm:4.4.4;org.webjars:npm:no_fix;org.webjars:npm:5.0.0-1;org.webjars:npm:4.0.2;org.webjars.npm:bower:1.8.12;org.webjars.npm:stringstream:0.0.6;org.webjars.bower:npm:no_fix;org.webjars.npm:bourbon-neat:2.1.0;org.webjars:browser-sync:no_fix

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): LOW

Do you need more information?

Contact Us