Description

`memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage.

Remediation

References

https://hackerone.com/reports/319809

Related Vulnerabilities

CVE-2020-7765 Vulnerability in npm package @firebase/util

CVE-2021-23446 Vulnerability in npm package handsontable

CVE-2020-25711 Vulnerability in maven package org.infinispan:infinispan-server-runtime

CVE-2022-22965 Vulnerability in maven package org.springframework.boot:spring-boot-starter-web

CVE-2019-18212 Vulnerability in maven package org.lsp4xml:org.eclipse.lsp4xml.extensions.emmet

Severity

Critical

Classification

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Tags

Exploit Issue Tracking Third Party Advisory NVD-CWE-noinfo