Severity: high

Out-of-bounds Read

base64-url

Overview

Versions of base64-url before 2.0.0 are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input.

Remediation

Update to version 2.0.0 or later.

Resources

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    May 16th, 2018
  2. reported

    Initial report by Сковорода Никита Андреевич
    May 16th, 2018