{"id":"CVE-2017-16026","details":"Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request \u003e=2.2.6 \u003c2.47.0 || \u003e2.51.0 \u003c=2.67.0.","aliases":["GHSA-7xfp-9c55-5vqj"],"modified":"2026-03-10T14:21:59.493906Z","published":"2018-06-04T19:29:01.537Z","references":[{"type":"WEB"},{"type":"REPORT","url":"https://github.com/request/request/issues/1904"},{"type":"REPORT","url":"https://github.com/request/request/pull/2018"},{"type":"EVIDENCE","url":"https://nodesecurity.io/advisories/309"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/request/request","events":[{"introduced":"0"},{"last_affected":"9b10aec4bdcfcbf03073e63f429b7652a16dd10f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.67.0"}]}}],"versions":["v1.2.0","v2.17.0","v2.18.0","v2.18.1","v2.19.0","v2.19.1","v2.20.0","v2.20.1","v2.21.0","v2.21.1","v2.22.0","v2.22.1","v2.23.0","v2.23.1","v2.24.0","v2.24.1","v2.25.0","v2.25.1","v2.26.0","v2.26.1","v2.27.0","v2.27.1","v2.28.0","v2.28.1","v2.29.0","v2.29.1","v2.30.0","v2.30.1","v2.31.0","v2.31.1","v2.32.0","v2.32.1","v2.33.0","v2.33.1","v2.34.0","v2.34.1","v2.35.0","v2.35.1","v2.36.0","v2.36.1","v2.37.0","v2.37.1","v2.38.0","v2.38.1","v2.39.0","v2.39.1","v2.40.0","v2.40.1","v2.41.0","v2.41.1","v2.42.0","v2.42.1","v2.43.0","v2.43.1","v2.44.0","v2.44.1","v2.45.0","v2.45.1","v2.46.0","v2.46.1","v2.47.0","v2.47.1","v2.48.0","v2.48.1","v2.49.0","v2.49.1","v2.50.0","v2.50.1","v2.51.0","v2.51.1","v2.52.0","v2.52.1","v2.53.0","v2.53.1","v2.54.0","v2.54.1","v2.55.0","v2.55.1","v2.56.0","v2.56.1","v2.57.0","v2.57.1","v2.58.0","v2.58.1","v2.59.0","v2.59.1","v2.60.0","v2.60.1","v2.61.0","v2.61.1","v2.62.0","v2.62.1","v2.63.0","v2.63.1","v2.64.0","v2.64.1","v2.65.0","v2.65.1","v2.66.0","v2.66.1","v2.67.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"2.2.6"},{"fixed":"2.47.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16026.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}