concat-stream before 1.5.2 are vulnerable to memory exposure if userp provided input is passed into
Versions <1.3.0 are not affected due to not using unguarded Buffer constructor.
Update to version 1.5.2, 1.4.11, 1.3.2 or later.
If you are unable to update make sure user provided input into the
write() function is not a number.
publishedAdvisory publishedApr 25th, 2018
reportedInitial report by Сковорода Никита АндреевичApr 24th, 2018