life_star@0.5.0 vulnerabilities

Another web server for Lively

Direct Vulnerabilities

Known vulnerabilities in the life_star package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Uninitialized Memory Exposure

life_star is a web server for Lively.

A possible memory disclosure vulnerability exists when a value of type number is provided to the buffer and results in concatenation of uninitialized memory to the buffer collection. This is a result of unobstructed use of the Buffer constructor, whose insecure default constructor increases the odds of memory leakage.

You can read more about the insecure Buffer behavior on our blog.

Similar vulnerabilities were discovered in bl, request, mongoose, ws and sequelize.

Note This is vulnerable only for Node <=4