  • Vulnerabilities: 1 via 1 paths
  • Dependencies: 136
  • Source: GitHub
  • Commit: 01979d9d



medium severity
new

Infinite loop

  • Vulnerable module: file-type
  • Introduced through: eufy-security-client@3.8.0

Detailed paths

  • Introduced through: eufy-security-ws@bropat/eufy-security-ws#01979d9d833b93bfbc9b88fbdc200745c72d6e52 > eufy-security-client@3.8.0 > image-type@5.2.0 > file-type@18.7.0

Overview

Affected versions of this package are vulnerable to an infinite loop in the FileTypeParser class. The loop is triggered when the ASF (WMV/WMA) parser receives input that includes an ASF sub-header with a size value of 0. An attacker can interrupt service with a 55-byte payload.

Remediation

Upgrade file-type to version 21.3.1 or higher.
