Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Security warning for "mem"

See original GitHub issue

WS-2018-0236 More information
moderate severity
Vulnerable versions: < 4.0.0
Patched version: 4.0.0
In nodejs-mem before version 4.0.0 there is a memory leak due to old results not being removed from the cache despite reaching maxAge. Exploitation of this can lead to exhaustion of memory and subsequent denial of service.

npm ls mem shows:

└─┬ eslint-find-rules@3.3.1
  └─┬ yargs@8.0.2
    └─┬ os-locale@2.1.0
      └── mem@1.1.0

Issue Analytics

State:
Created 4 years ago
Comments:12 (4 by maintainers)

Top GitHub Comments

2reactions

ljharbcommented, Jul 25, 2019

We can revisit updating yargs past v11 if node 4 is dropped in the future.

1reaction

Xotic750commented, Jul 25, 2019

I understand the effort part. 😃 I was not overly concerned, but explain that to my manager. 😄

Top Results From Across the Web

Attack Surface Reduction Rules - Warn Mode with MEM/M365 ...

After bypassing the alert, a Windows Security notification is presented with a dialog box that indicates the content is blocked. The dialog box ......

Managing Microsoft Defender for Endpoint with the new ...

Enable Security Configuration Management in MDE · Sign in to Microsoft 365 Defender portal · Go to Settings -> Endpoints > Enforcement Scope...

Security issue with mem < 4.0.0 #183 - semantic-release/npm

Just got this on a project of mine that uses @semantic-release/npm and it looks like mem@^1.1.0 is used by os-locale@^2.0.0 which is used...

Check if a site's connection is secure - Google Chrome Help

To learn if a website is safe to visit, you can check for security info about the site. Chrome will alert you if...

fagraphix Men's GPS Anti Theft Vehicle Security Warning ...

Buy fagraphix Men's GPS Anti Theft Vehicle Security Warning Alarm T-Shirt Small Black: Shop top fashion brands T-Shirts at Amazon.com ✓ FREE DELIVERY...