concat-stream before 1.5.2 are vulnerable to memory exposure if userp provided input is passed into
Versions <1.3.0 are not affected due to not using unguarded Buffer constructor.
Update to version 1.5.2, 1.4.11, 1.3.2 or later.
If you are unable to update make sure user provided input into the
write() function is not a number.