Memory Exposure

2018-04-25T03:25:38
ID NODEJS:597
Type nodejs
Reporter Сковорода Никита Андреевич
Modified 2018-05-08T14:27:01

Description

Overview

Versions of concat-stream before 1.5.2 are vulnerable to memory exposure if userp provided input is passed into write()

Versions <1.3.0 are not affected due to not using unguarded Buffer constructor.

Recommendation

Update to version 1.5.2, 1.4.11, 1.3.2 or later.

If you are unable to update make sure user provided input into the write() function is not a number.

References