Homepage
About Snyk

Out of Memory Crash Affecting js-quantities package, versions <1.7.0

Severity

 Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID npm:js-quantities:20161111
  • published 2 Aug 2017
  • disclosed 10 Nov 2016
  • credit Zach Bjornson
Report a new vulnerability Found a mistake?

Introduced: 10 Nov 2016

CVE NOT AVAILABLE CWE-119 Open this link in a new tab

How to fix?

Upgrade js-quantities to version 1.7.0 or higher.

Overview

js-quantities is a JavaScript port of Kevin Olbrich's library Ruby Units.

Affected versions of this package are vulnerable to Out of Memory Crash.

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
7.5 high
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    None
  • Integrity (I)
    None
  • Availability (A)
    High