Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE: 0000-0000 found in inflight - Version: 1.0.6 [JS] #162

Open
github-actions bot opened this issue Feb 5, 2024 · 0 comments
Open

CVE: 0000-0000 found in inflight - Version: 1.0.6 [JS] #162

github-actions bot opened this issue Feb 5, 2024 · 0 comments
Labels
Severity: Medium Medium severity Veracode Dependency Scanning A Veracode identified vulnerability

Comments

@github-actions
Copy link

github-actions bot commented Feb 5, 2024

Veracode Software Composition Analysis

Attribute Details
Library inflight
Description Add callbacks to requests in flight to avoid async duplication
Language JS
Vulnerability Memory Leak
Vulnerability description inflight is vulnerable to a Memory Leak. The vulnerability is due to lack of restrictions on how many callbacks the library can concurrently support, which can result in a NodeJS out of heap memory crash.
CVE null
CVSS score 4.9
Vulnerability present in version/s 1.0.0-1.0.6
Found library version/s 1.0.6
Vulnerability fixed in version
Library latest version 1.0.6
Fix There is no fix. If inflight is used transitively, its recommend to upgrade the direct dependency.

Links:
@github-actions github-actions bot added Severity: Medium Medium severity Veracode Dependency Scanning A Veracode identified vulnerability labels Feb 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Severity: Medium Medium severity Veracode Dependency Scanning A Veracode identified vulnerability
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
0 participants