VulnerableCode Package Details - pkg:npm/openwhisk@3.3.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/openwhisk@3.3.1

Essentials
History (2)

purl	pkg:npm/openwhisk@3.3.1

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-c3t5-82ea-5yh6	Remote Memory Exposure in openwhisk Versions of `openwhisk` before 3.3.1 are vulnerable to remote memory exposure. When a number is passed to `api_key`, affected versions of `openwhisk` allocate an uninitialized buffer and send that over network in Authorization header (base64-encoded). Proof of concept: ```js var openwhisk = require('openwhisk'); var options = { apihost: '127.0.0.1:1433', api_key: USERSUPPLIEDINPUT // number }; var ow = openwhisk(options); ow.actions.invoke({actionName: 'sample'}).then(result => console.log(result)) ``` ## Recommendation Update to version 3.3.1 or later.	GHSA-53mj-mc38-q894 GMS-2020-756

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T17:22:33.371093+00:00	GithubOSV Importer	Fixing	VCID-c3t5-82ea-5yh6	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-53mj-mc38-q894/GHSA-53mj-mc38-q894.json	38.6.0
2026-06-04T16:20:14.626342+00:00	GitLab Importer	Fixing	VCID-c3t5-82ea-5yh6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/openwhisk/GMS-2020-756.yml	38.6.0