CVE-2017-16026

Summary

Request is an http client. If a request is made using multipart, and the body type is a number, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0.

Affected Software

VendorProductVersion RangeStatus
HackerOnerequest node module`>=2.2.6 <2.47.0

Weaknesses

  • CWE-201: Information Exposure Through Sent Data (CWE-201)

ADP Enrichment

CVE Program Container

Additional References

References