PT-2018-6057 · Npm · Request

Github-Actionsbot

Publicado

2018-06-04

Atualizado

2026-02-04

CVE-2017-16026

CVSS v2.0

7.1

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Request versions 2.2.6 through 2.46.9 Request versions 2.51.0 through 2.67.0

Description: The issue affects the Request library when a multipart request is made and the body type is a number. In such cases, a buffer of the specified size is allocated and sent to the remote server as the body, potentially disclosing local system memory to remote systems.

Recommendations: For Request versions 2.2.6 through 2.46.9, update to version 2.68.0 or later. For Request versions 2.51.0 through 2.67.0, update to version 2.68.0 or later.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-201

Identificadores relacionados

CVE-2017-16026

GHSA-7XFP-9C55-5VQJ

Produtos afetados

Request

PT-2018-6057 · Npm · Request

CVE-2017-16026

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12