Description

`memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage.

Remediation

References

https://hackerone.com/reports/319809

Related Vulnerabilities

CVE-2021-23341 Vulnerability in npm package prismjs

CVE-2021-23346 Vulnerability in npm package html-parse-stringify2

CVE-2018-3738 Vulnerability in npm package protobufjs

CVE-2023-26120 Vulnerability in maven package com.xuxueli:xxl-job

CVE-2023-3696 Vulnerability in maven package org.webjars.npm:mongoose

Severity

Critical

Classification

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Tags

Exploit Issue Tracking Third Party Advisory NVD-CWE-noinfo