Home > Vulnerability Database > WS-2019-0307

Mend.io Vulnerability Database

WS-2019-0307

Good to know:

Date: August 27, 2018

In 'mem' before v4.0.0 there is a Denial of Service (DoS) vulnerability as a result of a failure in removal old values from the cache.

Language: Java

Severity Score

5.1

Related Resources (2)

Url: https://github.com/sindresorhus/mem/commit/da4e4398cb27b602de3bd55f746efa9b4a31702b

Url: https://www.mend.io/vulnerability-database/WS-2019-0307

Severity Score

5.1

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Top Fix

Upgrade Version

Upgrade to version oburatongoi/productivity - no_fix;oburatongoi/productivity - 0.0.1;GR.PageRender.Razor - 1.8.0;awema-pl/module-psmoduler - v1.0.4;scancode/portal-module - v0.0.22;scancode/portal-module - v1.0.1;nodejs - 10.22.0;nodejs - 13.9.0;nodejs - 12.18.3;nodejs - 6.12.0;kraenkvisuell/nova-cms-media - no_fix;kraenkvisuell/nova-cms-media - v1.2.2;kraenkvisuell/nova-cms-media - v1.0.3;flexxia/flexprimeng - dev-dependabot/npm_and_yarn/css/postcss/y18n-3.2.2;flexxia/flexprimeng - dev-update-angularjs;genenotebook - 0.1.14;SystemExt.Languages.Node.runtime.linux-arm64 - no_fix;Indianadavy.VueJsWebAPITemplate.CSharp - 1.0.1;chrisbraybrooke/laravel-ecommerce - 0.0.17;chrisbraybrooke/laravel-ecommerce - 0.0.2;chrisbraybrooke/laravel-ecommerce - 0.0.56;chrisbraybrooke/laravel-ecommerce - dev-form-field-key;pwptemplatepusintek - no_fix;yivic/yivic-elce - no_fix;narirock/marrs-catalog - no_fix;archambaultalex/image-field - no_fix;SystemExt.Languages.Node.runtime.osx-x64 - no_fix;humanmade/workflows - dev-master;humanmade/workflows - 0.4.8-rc.1;VueTemplate - no_fix;trezebits/trezevel-gallery - no_fix;mem - 4.0.0;miljoen/nova-autofill - v1.0.0;miljoen/nova-autofill - no_fix;PWPTemplateCMS - no_fix;z3/t3build-node - 1.0.11;i-saad-salman/statamic-analytics - no_fix;SystemExt.Languages.Node.runtime.linux-arm - no_fix;Fable.Library.Template - no_fix;Node-Kit - no_fix;zymawy/ironside-core - dev-utils;BlazorPolyfill.Build - 6.0.100.2;SystemExt.Languages.Node.runtime.linux-x64 - no_fix;org.webjars.bower:npm:no_fix;org.webjars.npm:mem:4.0.0

Learn More

CVSS v3.1

Base Score:	5.1
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

WS-2019-0307

Good to know:

Date: August 27, 2018

Language: Java

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?