VYPR
Medium severity5.9NVD Advisory· Published Jun 4, 2018· Updated Jun 17, 2026

CVE-2017-16026

CVE-2017-16026

Description

Request is an http client. If a request is made using ``multipart`, and the body type is a `number``, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
requestnpm
>= 2.49.0, < 2.68.02.68.0
requestnpm
>= 2.2.6, < 2.68.02.68.0

Affected products

2
  • ghsa-coords
    Range: >= 2.49.0, < 2.68.0
  • HackerOne/request node modulev5
    Range: >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.