Package: node-concat-stream
Version: 1.5.1-1
Severity: grave
Tags: patch security fixed-upstream fixed-in-experimental
X-Debbugs-CC: [email protected]
forwarded: https://snyk.io/vuln/npm:concat-stream:20160901

Overview

concat-stream is a writable stream that concatenates strings or binary data and calls a callback with the result. Affected versions of the package are vulnerable to Uninitialized Memory Exposure. A possible memory disclosure vulnerability exists when a value of type number is provided to the stringConcat() method and results in concatenation of uninitialized memory to the stream collection. This is a result of unobstructed use of the Buffer constructor, whose insecure default constructor increases the odds of memory leakage.

_______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
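
The pattern described in the overview, shown beside a hardened form. This is an added example, not part of the original report and not concat-stream's own code. The function names are hypothetical, the input is constructed, and `Buffer.allocUnsafe()` stands in for the legacy `Buffer(number)` behaviour because current Node.js releases zero-fill that constructor.

```javascript
'use strict'
// Added illustration; function names are hypothetical, not concat-stream's API.

// Legacy pattern: every non-string part is handed to a Buffer constructor.
// On affected Node.js releases, Buffer(number) returned `number` bytes of
// uninitialized memory. Buffer.allocUnsafe() models that behaviour here.
function legacyToBuffer (part) {
  if (typeof part === 'string') return Buffer.from(part)
  if (Buffer.isBuffer(part)) return part
  if (typeof part === 'number') return Buffer.allocUnsafe(part) // old Buffer(n) semantics
  return Buffer.from(part)
}

// Hardened pattern: only byte containers are treated as bytes. Numbers and any
// other value are stringified, so a number is never interpreted as a length.
function hardenedToBuffer (part) {
  if (typeof part === 'string') return Buffer.from(part)
  if (Buffer.isBuffer(part)) return part
  if (Array.isArray(part) || part instanceof Uint8Array) return Buffer.from(part)
  return Buffer.from(String(part))
}

// Concatenate all parts written to the stream using the chosen conversion.
function concatParts (parts, toBuffer) {
  return Buffer.concat(parts.map(toBuffer))
}

// Constructed input: the second chunk arrives as a number, e.g. from parsed JSON.
const parts = ['id=', 16]

const legacy = concatParts(parts, legacyToBuffer)
const hardened = concatParts(parts, hardenedToBuffer)

console.log('legacy length  :', legacy.length)   // 3 bytes of text + 16 unrelated bytes
console.log('hardened output:', hardened.toString('utf8'))
```
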

