Candidate: CVE-2017-16026
PublicDate: 2018-06-04 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16026
 https://github.com/request/request/issues/1904
 https://nodesecurity.io/advisories/309
 https://github.com/request/request/pull/2018
Description:
 Request is an http client. If a request is made using ```multipart```, and
 the body type is a ```number```, then the specified number of non-zero
 memory is passed in the body. This affects Request >=2.2.6 <2.47.0 ||
 >2.51.0 <=2.67.0.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901708
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N [5.9 MEDIUM]


Patches_node-request:
upstream_node-request: released (2.88.1-2)
precise/esm_node-request: DNE
trusty_node-request: ignored (out of standard support)
trusty/esm_node-request: not-affected (code not present)
xenial_node-request: not-affected (code not present)
artful_node-request: ignored (reached end-of-life)
bionic_node-request: not-affected (code not present)
cosmic_node-request: not-affected (code not present)
disco_node-request: not-affected (2.88.1-2)
devel_node-request: not-affected (2.88.1-2)