Severity: moderate

Memory Exposure



Versions of concat-stream before 1.5.2 are vulnerable to memory exposure if userp provided input is passed into write()

Versions <1.3.0 are not affected due to not using unguarded Buffer constructor.


Update to version 1.5.2, 1.4.11, 1.3.2 or later.

If you are unable to update make sure user provided input into the write() function is not a number.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Apr 25th, 2018
  2. reported

    Initial report by Сковорода Никита Андреевич
    Apr 24th, 2018