Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/npmconf@0.1.14

Type npm

Namespace

Name npmconf

Version 0.1.14

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.1.3

Latest_non_vulnerable_version 2.1.3

Affected_by_vulnerabilities

url VCID-vvhg-fxna-abht

vulnerability_id VCID-vvhg-fxna-abht

summary

Out-of-bounds Read in npmconf
Versions of `npmconf` allocate and write to disk uninitialized memory contents when a typed number is passed as input on Node.js Update to or later. Consider switching to another config storage mechanism, as npmconf is deprecated and should not be used.

references

reference_url

https://hackerone.com/reports/320269

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/320269

reference_url	https://nodesecurity.io/advisories/653
reference_id
reference_type
scores
url	https://nodesecurity.io/advisories/653

reference_url

https://www.npmjs.com/advisories/653

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/653

reference_url	https://github.com/advisories/GHSA-57cf-349j-352g
reference_id	GHSA-57cf-349j-352g
reference_type
scores
url	https://github.com/advisories/GHSA-57cf-349j-352g

fixed_packages

url	pkg:npm/npmconf@2.1.3
purl	pkg:npm/npmconf@2.1.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/npmconf@2.1.3

aliases GHSA-57cf-349j-352g, GMS-2019-42

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vvhg-fxna-abht

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/npmconf@0.1.14

Package Instance