PT-2018-6057 · Npm · Request
Github-Actionsbot
·
Published
2018-06-04
·
Updated
2026-02-04
·
CVE-2017-16026
CVSS v2.0
7.1
High
| Vector | AV:N/AC:M/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Request versions 2.2.6 through 2.46.9
Request versions 2.51.0 through 2.67.0
Description:
The issue affects the Request library when a multipart request is made and the body type is a number. In such cases, a buffer of the specified size is allocated and sent to the remote server as the body, potentially disclosing local system memory to remote systems.
Recommendations:
For Request versions 2.2.6 through 2.46.9, update to version 2.68.0 or later.
For Request versions 2.51.0 through 2.67.0, update to version 2.68.0 or later.
Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Request