CVE-2017-16026
MEDIUM 5.9 · EPSS 1.1% · Remote Memory Exposure in request
Published: 2018/11/9 · Modified: 2026/4/28
Description
Request is an HTTP client. If a request is made using `multipart` and the body type is a `number`, then that number of bytes of non-zeroed (uninitialized) memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0.
Affected packages (2)
- Debian/node-request: from 0, < 2.88.1-1
- npm/request: >= 2.49.0, < 2.68.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.9 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
References (7)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2017-16026
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2017-16026
- PATCH: https://github.com/request/request
- WEB: https://github.com/request/request/commit/29d81814bc16bc79cb112b4face8be6fc00061dd
- WEB: https://github.com/request/request/issues/1904
- WEB: https://github.com/request/request/pull/2018
- WEB: https://github.com/request/request/pull/2022