PT-2019-20043 · Npm · Concat-Stream
Published
2019-06-03
·
Updated
2019-06-03
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
concat-stream versions prior to 1.5.2
Description
The issue arises when user-provided input is passed into the
write() function, potentially leading to memory exposure. Versions prior to 1.3.0 are not affected due to not using the unguarded Buffer constructor.Recommendations
Update to version 1.5.2, 1.4.11, or 1.3.2 or later.
If you are unable to update, ensure that user-provided input into the
write() function is not a number.Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Concat-Stream