ID: CVE-2017-16026

Last Modified: Oct. 9, 2019

Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0.

Attack Vector: Network

Attack Complexity: High

Privileges Required: None

User Interaction: None

Scope: Unchanged

Confidentiality: High

Integrity: None

Availability: None

Base Score: 5.9

Exploitability Score: 2.2

Impact Score: 3.6

CVSS V3: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Specialize CVSS-Score

Access Vector: Network

Access Complexity: Medium

Authentication: None

Confidentiality Impact: Complete

Integrity Impact: None

Availability Impact: None

Base Score: 7.1

Exploitability Score: 8.6

Impact Score: 6.9

CVSS V2: AV:N/AC:M/Au:N/C:C/I:N/A:N

Specialize CVSS-Score

CWE-20

Condition Configuration
OR
OR
Alle Schwachstellen für request_project
Alle Schwachstellen für request_project
                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:request_project:request:*:*:*:*:*:node.js:*:*"/>
        <prop key="application" value="cpe:2.3:a:request_project:request:*:*:*:*:*:node.js:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="remote"/>
</set>

                  
                      <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:request_project:request:*:*:*:*:*:node.js:*:*"/>
        <prop key="application" value="cpe:2.3:a:request_project:request:*:*:*:*:*:node.js:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="data" value="any"/>
    <prop key="data_influence" value="read"/>
    <prop key="range" value="remote"/>
</set>