PT-2019-20005 · Npm · Npmconf
Published
2019-06-12
·
Updated
2019-06-12
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
npmconf versions prior to 2.1.3
Description
The issue arises when a typed number is passed as input on Node.js 4.x, causing
npmconf to allocate and write to disk uninitialized memory contents.Recommendations
Update to version 2.1.3 or later.
Consider switching to another config storage mechanism, as
npmconf is deprecated and should not be used.Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Npmconf