Medium severity 5.9 · NVD Advisory · Published Jun 4, 2018 · Updated Jun 17, 2026
CVE-2017-16026
Description
Request is an HTTP client. If a request is made using `multipart`, and the body type is a `number`, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0.
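A defensive check for the condition described above, as an added example that is not code from this page or from the request project. `normalizeMultipart` and `isStream` are hypothetical helpers, and the set of accepted body types (string, Buffer, stream) is an assumption about what a caller should allow.

```javascript
// Added example: hypothetical guard, not part of the request library.
// Run it on a `multipart` array before the array is handed to the HTTP client.
function isStream(value) {
  return value !== null && typeof value === 'object' && typeof value.pipe === 'function';
}

function normalizeMultipart(parts) {
  if (!Array.isArray(parts)) {
    throw new TypeError('multipart must be an array of parts');
  }
  return parts.map((part, index) => {
    if (part === null || typeof part !== 'object') {
      throw new TypeError(`multipart[${index}] must be an object`);
    }
    const body = part.body;
    // Strings, Buffers and streams carry their own bytes; pass them through.
    if (typeof body === 'string' || Buffer.isBuffer(body) || isStream(body)) {
      return part;
    }
    // A finite number is sent as its decimal text, so nothing that later
    // serializes the part can interpret it as a length.
    if (typeof body === 'number' && Number.isFinite(body)) {
      return Object.assign({}, part, { body: String(body) });
    }
    throw new TypeError(`multipart[${index}].body has unsupported type ${typeof body}`);
  });
}

// Constructed sample: the first body arrived from JSON input as a number.
const sample = [
  { 'content-type': 'text/plain', body: 4096 },
  { 'content-type': 'text/plain', body: 'hello' },
];
console.log(normalizeMultipart(sample));
```

The guard is for callers that forward untyped input such as parsed JSON into `multipart`; it does not replace moving off the affected versions.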
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| request (npm) | >= 2.49.0, < 2.68.0 | 2.68.0 |
| request (npm) | >= 2.2.6, < 2.68.0 | 2.68.0 |
Affected products
- HackerOne/request node module (v5), Range: >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0
References
- github.com/request/request/issues/1904 (nvd: Exploit, Issue Tracking, Third Party Advisory, WEB)
- github.com/request/request/pull/2018 (nvd: Exploit, Issue Tracking, Third Party Advisory, WEB)
- nodesecurity.io/advisories/309 (nvd: Exploit, Third Party Advisory)
- github.com/advisories/GHSA-7xfp-9c55-5vqj (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2017-16026 (ghsa: ADVISORY)
- github.com/request/request/commit/29d81814bc16bc79cb112b4face8be6fc00061dd (ghsa: WEB)
- github.com/request/request/pull/2022 (ghsa: WEB)