All versions of stringstream
are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below.
No fix is currently available for this vulnerability. It is our recommendation to not install or use this module if user input is being passed in to stringstream
.