Security warning for "mem"
See original GitHub issueWS-2018-0236 More information
moderate severity
Vulnerable versions: < 4.0.0
Patched version: 4.0.0
In nodejs-mem before version 4.0.0 there is a memory leak due to old results not being removed from the cache despite reaching maxAge. Exploitation of this can lead to exhaustion of memory and subsequent denial of service.
npm ls mem
shows:
└─┬ eslint-find-rules@3.3.1
└─┬ yargs@8.0.2
└─┬ os-locale@2.1.0
└── mem@1.1.0
Issue Analytics
- State:
- Created 4 years ago
- Comments:12 (4 by maintainers)
Top Results From Across the Web
Attack Surface Reduction Rules - Warn Mode with MEM/M365 ...
After bypassing the alert, a Windows Security notification is presented with a dialog box that indicates the content is blocked. The dialog box ......
Read more >Managing Microsoft Defender for Endpoint with the new ...
Enable Security Configuration Management in MDE · Sign in to Microsoft 365 Defender portal · Go to Settings -> Endpoints > Enforcement Scope...
Read more >Security issue with mem < 4.0.0 #183 - semantic-release/npm
Just got this on a project of mine that uses @semantic-release/npm and it looks like mem@^1.1.0 is used by os-locale@^2.0.0 which is used...
Read more >Check if a site's connection is secure - Google Chrome Help
To learn if a website is safe to visit, you can check for security info about the site. Chrome will alert you if...
Read more >fagraphix Men's GPS Anti Theft Vehicle Security Warning ...
Buy fagraphix Men's GPS Anti Theft Vehicle Security Warning Alarm T-Shirt Small Black: Shop top fashion brands T-Shirts at Amazon.com ✓ FREE DELIVERY...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
We can revisit updating yargs past v11 if node 4 is dropped in the future.
I understand the effort part. 😃 I was not overly concerned, but explain that to my manager. 😄