Version Details and Security Vulnerabilities

📦

bignum

0.13.0

Comparision Betweeen 0.13.0 and 0.12.5

Identify the differences between the current version of the package and the previous one.

Version

Dependencies

Dev Dependencies

Peer Dependencies

Distributed Files

N/A

Unpacked Size

48.01 KB

N/A

Security Vulnerabilities

This site is an independent open-source project and is not affiliated with, endorsed by, or sponsored by npm, Inc. or GitHub, Inc. The name “npm” is a registered trademark of npm, Inc., used here solely to describe compatibility and reference publicly available npm package data.

Version Details and Security Vulnerabilities

📦

bignum

0.13.0

Comparision Betweeen 0.13.0 and 0.12.5

Identify the differences between the current version of the package and the previous one.

Version

Dependencies

Dev Dependencies

Peer Dependencies

Distributed Files

N/A

Unpacked Size

48.01 KB

N/A

Security Vulnerabilities

Security Details

Comprehensive list of direct or transitive vulnerabilities for version 0.13.0 of the package bignum.

All Security Vulnerabilities

All the vulnerabilities related to the version 0.13.0 of the package

Summary:

Uncaught Exception in bignum

Details:

All versions of the npm package bignum are vulnerable to Denial of Service (DoS) due to a type-check exception in V8. When verifying the type of the second argument to the .powm function, V8 will crash regardless of Node try/catch blocks.

Details about bignum@0.13.0

Summary:

Malware in pre-build binaries of bignum

Details:

Impact

bignum releases from v0.12.2 to v0.13.0 (inclusive) used node-pre-gyp to optionally download pre-built binary versions of the addon. These binaries were published on a now-expired S3 bucket which has since been claimed by a malicious third party which is now serving binaries containing malware that exfiltrates data from the user's computer.

Patches

v0.13.1 does not use node-pre-gyp and does not have support for downloading pre-built binaries in any form, avoiding the risk of malicious downloads.

Details about bignum@0.13.0

Security Details

Comprehensive list of direct or transitive vulnerabilities for version 0.13.0 of the package bignum.

All Security Vulnerabilities

All the vulnerabilities related to the version 0.13.0 of the package

Summary:

Uncaught Exception in bignum

Details:

Details about bignum@0.13.0

Summary:

Malware in pre-build binaries of bignum

Details:

Impact

Patches

v0.13.1 does not use node-pre-gyp and does not have support for downloading pre-built binaries in any form, avoiding the risk of malicious downloads.

Details about bignum@0.13.0

Version Details and Security Vulnerabilities

bignum

Comparision Betweeen 0.13.0 and 0.12.5

Security Vulnerabilities

Version Details and Security Vulnerabilities

bignum

Comparision Betweeen 0.13.0 and 0.12.5

Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

Impact

Patches

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

Impact

Patches

Version Details and Security Vulnerabilities

bignum

Comparision Betweeen 0.13.0 and 0.12.5

Security Vulnerabilities

Version Details and Security Vulnerabilities

bignum

Comparision Betweeen 0.13.0 and 0.12.5

Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

bignum@0.13.0 GHSA-6429-3g3w-6mw5 7.5

bignum@0.13.0 GHSA-7cgc-fjv4-52x6 N/A

Impact

Patches

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

bignum@0.13.0 GHSA-6429-3g3w-6mw5 7.5

bignum@0.13.0 GHSA-7cgc-fjv4-52x6 N/A

Impact

Patches