Package: node-concat-stream Version: 1.5.1-1 Severity: grave Tags: patch security fixed-upstream fixed-in-experimental X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org forwarded: https://snyk.io/vuln/npm:concat-stream:20160901
Overview concat-stream is writable stream that concatenates strings or binary data and calls a callback with the result. Affected versions of the package are vulnerable to Uninitialized Memory Exposure. A possible memory disclosure vulnerability exists when a value of type number is provided to the stringConcat() method and results in concatination of uninitialized memory to the stream collection. This is a result of unobstructed use of the Buffer constructor, whose insecure default constructor increases the odds of memory leakage.
Description: This is a digitally signed message part.