Severity: moderate

Memory Exposure

concat-stream

Overview

Versions of concat-stream before 1.5.2 are vulnerable to memory exposure if userp provided input is passed into write()

Versions <1.3.0 are not affected due to not using unguarded Buffer constructor.

Remediation

Update to version 1.5.2, 1.4.11, 1.3.2 or later.

If you are unable to update make sure user provided input into the write() function is not a number.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Apr 25th, 2018
  2. reported

    Initial report by Сковорода Никита Андреевич
    Apr 24th, 2018