CVE-2019-15058 (High) detected in expoios/2.10.6 #38

mend-bolt-for-github · 2021-05-25T02:22:53Z

CVE-2019-15058 - High Severity Vulnerability

Vulnerable Library - expoios/2.10.6

An open-source platform for making universal native apps with React. Expo runs on Android, iOS, and the web.

Library home page: https://github.com/expo/expo.git

Vulnerable Source Files (1)

/ASOS/node_modules/expo-gl-cpp/cpp/stb_image.h

Vulnerability Details

stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer over-read in stbi__tga_load, leading to Information Disclosure or Denial of Service.

Publish Date: 2019-08-14

URL: CVE-2019-15058

CVSS 3 Score Details (9.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label May 25, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2019-15058 (High) detected in expoios/2.10.6 #38

CVE-2019-15058 (High) detected in expoios/2.10.6 #38

mend-bolt-for-github bot commented May 25, 2021

CVE-2019-15058 (High) detected in expoios/2.10.6 #38

CVE-2019-15058 (High) detected in expoios/2.10.6 #38

Comments

mend-bolt-for-github bot commented May 25, 2021

CVE-2019-15058 - High Severity Vulnerability