GMS-2019-40: Denial of Service in mem

July 5, 2019 (updated August 17, 2021)

Versions of mem are vulnerable to Denial of Service (DoS). The package fails to remove old values from the cache even after a value passes its maxAge property. This may allow attackers to exhaust the system’s memory if they are able to abuse the application logging.

References

bugzilla.redhat.com/show_bug.cgi?id=1623744
github.com/advisories/GHSA-4xcv-9jjx-gfj3
github.com/sindresorhus/mem/commit/da4e4398cb27b602de3bd55f746efa9b4a31702b
snyk.io/vuln/npm:mem:20180117
www.npmjs.com/advisories/1084

Code Behaviors & Features

Detect and mitigate GMS-2019-40 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →