stringstream before 0.0.6 are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below.
Upgrade to version 0.0.6 or later.
Have content suggestions? Visit npmjs.com/support.
publishedAdvisory publishedMay 16th, 2018
reportedInitial report by Сковорода Никита АндреевичMay 16th, 2018