Vulnerabilities: 1 via 1 paths
Dependencies: 132
Source: GitHub
Commit: 337dc99f

medium severity
new

Infinite loop

  • Vulnerable module: file-type
  • Introduced through: image-type@5.2.0

Detailed paths

  • Introduced through: eufy-security-client@bropat/eufy-security-client#337dc99fb2a4edd6db6e7d5c6861611a718ef67c > image-type@5.2.0 > file-type@18.7.0

Overview

Affected versions of this package are vulnerable to an infinite loop in the FileTypeParser class. The loop is triggered when the ASF (WMV/WMA) parser receives input that includes an ASF sub-header with a size value of 0. An attacker can interrupt service with a 55-byte payload.

Remediation

Upgrade file-type to version 21.3.1 or higher.
