Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2018-0076
Good to know:
Date: March 5, 2017
Versions of tunnel-agent before 0.6.0 are vulnerable to memory exposure. This is exploitable if user supplied input is provided to the auth value and is a number.
Language: Java
Severity Score
Severity Score
Weakness Type (CWE)
Exposure of Sensitive Information to an Unauthorized Actor
CWE-200Top Fix
Upgrade Version
Upgrade to version oburatongoi/productivity - 0.4.35;oburatongoi/productivity - 0.0.13;JetBrains.Rider.Frontend5 - 213.0.20211008.154703-eap03;Tools.Npm - no_fix;nodejs - 8.8.1;jadu/pulsar - 1.0.16;seidemann-web/wave-theme - dev-omage-theme;seidemann-web/wave-theme - no_fix;seidemann-web/wave-theme - dev-fixUpLanguageConstants;seidemann-web/wave-theme - dev-WT-36/Sticky-Header-Fixes;NodeLessTestTwo - no_fix;computerundsound/curserver - no_fix;computerundsound/curserver - 2.2.0;Ncapsulate.Node - no_fix;chrisbraybrooke/laravel-ecommerce - dev-form-field-key;chrisbraybrooke/laravel-ecommerce - 0.0.17;chrisbraybrooke/laravel-ecommerce - 0.0.56;chrisbraybrooke/laravel-ecommerce - 0.0.2;NC.Frontend.Env - no_fix;neon-sys - 0.1.11;erdiko/user-admin - no_fix;erdiko/user-admin - dev-ER-91;NodeInt - no_fix;adrexia/silverstripe-gumby-theme - 2;Npm.js - 2.13.1;Bower - no_fix;MIDIator.WebClient - 1.0.105;NodeLESS2 - no_fix;Yarn.MSBuild - 0.22.0;ilhanet/erpnet-widget-resource - no_fix;kayrules/solatjakim-api-site - dev-version-1.0;hydrawiki/lessoid - 2.0.0;svg2png - no_fix;zombie.js - no_fix;azure-cli - no_fix;Raml.Parser - 1.0.7;z3/t3build-node - 1.0.11;ears - 0.3.4;NodeLESS - no_fix;yuan1994/wechat_web_devtools - 0.15.152901-core;trezebits/trezevel-gallery - no_fix;miljoen/nova-autofill - v1.0.0;miljoen/nova-autofill - no_fix;DotLessBuildTasksDotNet - no_fix;NodeEnv - no_fix;archambaultalex/image-field - no_fix;Tinfoil - no_fix;adrexia/silverstripe-pure - no_fix;dreamfactory/df-api-docs-ui - 1.1.0;Npm - 2.14.14;mpcmf/mpcmf-web-app - 1.0.0.x-dev;mpcmf/mpcmf-web-app - no_fix;WinLess.lessc - no_fix;pwptemplatepusintek - no_fix;oxid-esales/wave-theme - dev-oxscript-google-analytics;jquery - 3.4.0;Betclic.BuildTools.Node - 1.0.5;Betclic.BuildTools.Node - no_fix;Yeoman - no_fix;NodeLessTest - no_fix;Ncapsulate.Bower - no_fix;node-sass-bundle - no_fix;Pvc.Runtime.NodeJs - no_fix;tunnel-agent - 0.6.0;jsdom - 11.11.0;Yarnpkg.Yarn - 0.26.1;JetBrains.Rider.Frontend6 - no_fix;limefamily/yii2-limetheme - 1.0.12;Npm3 - no_fix;Pvc.Browserify - 0.0.1.1;lukesnowden/application-base - no_fix;org.webjars:npm:4.0.2;org.webjars:npm:2.14.14;org.webjars:npm:4.4.4;org.webjars.npm:tunnel-agent:0.6.0;org.webjars.npm:floatthead:2.0.3;org.webjars.npm:bourbon-neat:2.1.0;org.webjars.bower:jsonpath-object-transform:no_fix;org.webjars:browser-sync:no_fix;org.webjars.npm:bower:1.8.12
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | NONE |
| Availability (A): | NONE |