music-metadata@11.12.2 vulnerabilities

Music metadata parser for Node.js, supporting virtually any audio and tag format.

  • latest version

    11.12.3

  • latest non-vulnerable version

  • first published

    9 years ago

  • latest version published

    9 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the music-metadata package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Infinite loop

    music-metadata is a music metadata parser for Node.js, supporting virtually any audio and tag format.

    Affected versions of this package are vulnerable to an infinite loop in parseExtensionObject in the ASF parser when it handles a sub-object with objectSize = 0. An attacker can cause the application to hang indefinitely by supplying a specially crafted .asf file that triggers the loop during parsing.

    How to fix Infinite loop?

    Upgrade music-metadata to version 11.12.3 or higher.

    <11.12.3
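The bug class described above, shown as an added example that is not music-metadata's code or its actual fix: a loop over size-prefixed sub-objects must reject any size that cannot advance the read position. The names `walkSubObjects` and `makeObject` are hypothetical, and the layout (16-byte GUID followed by a 64-bit little-endian size that includes the 24-byte header) is assumed from the ASF object format.

```javascript
// Added illustration with hypothetical names; not taken from music-metadata.
const HEADER_LEN = 24; // assumed ASF object header: 16-byte GUID + 8-byte LE size

// Walk the sub-objects stored in buf[start, end) and return their positions.
function walkSubObjects(buf, start = 0, end = buf.length) {
  const objects = [];
  let pos = start;
  while (pos < end) {
    if (end - pos < HEADER_LEN) {
      throw new RangeError(`truncated object header at offset ${pos}`);
    }
    const guid = buf.subarray(pos, pos + 16).toString('hex');
    const objectSize = buf.readBigUInt64LE(pos + 16);
    // The size field covers the header itself, so anything below 24 is malformed.
    // Without this check, objectSize = 0 leaves pos unchanged and the loop never ends.
    if (objectSize < BigInt(HEADER_LEN)) {
      throw new RangeError(`invalid objectSize ${objectSize} at offset ${pos}`);
    }
    // A size larger than the remaining container would read past its end.
    if (objectSize > BigInt(end - pos)) {
      throw new RangeError(`objectSize ${objectSize} overruns container at offset ${pos}`);
    }
    const size = Number(objectSize); // safe: bounded by end - pos
    objects.push({ guid, offset: pos, size });
    pos += size; // always advances by at least HEADER_LEN
  }
  return objects;
}

// Build a constructed sample object; sizeOverride forces a malformed size field.
function makeObject(guidByte, payloadLen, sizeOverride) {
  const buf = Buffer.alloc(HEADER_LEN + payloadLen);
  buf.fill(guidByte, 0, 16);
  buf.writeBigUInt64LE(BigInt(sizeOverride ?? buf.length), 16);
  return buf;
}
```

Throwing on the malformed size turns a hang into a parse error that the caller can handle per file.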