Skip to main content

Improper Handling of Unexpected Data Type

CVE-2021-39131

Severity High
Score 7.5/10

Summary

ced detects character encoding using Google's compact_enc_det library. In ced v0.1.0, passing data types other than `Buffer` causes the Node.js process to crash. The problem has been patched in ced v1.0.0. As a workaround, before passing an argument to ced, verify it's a `Buffer` using `Buffer.isBuffer(obj)`.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-241 - Improper Handling of Unexpected Data Type

The software does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z).

Advisory Timeline

  • Published