5 matches found
Out-of-bounds Read in concat-with-sourcemaps
Versions of concat-with-sourcemaps before 1.0.6 allocate uninitialized Buffers when a number is passed as a separator. Recommendation: Update to version 1.0.6 or later...
GHSA-2XV3-H762-CCXV Out-of-bounds Read in concat-with-sourcemaps
Versions of concat-with-sourcemaps before 1.0.6 allocate uninitialized Buffers when a number is passed as a separator. Recommendation: Update to version 1.0.6 or later...
athena-beta (>=1.0.0 <=2.0.4), athena-html (>=1.2.10 <=2.0.0-alpha.8) +8 more potentially affected by unknown CVE via concat-with-sourcemaps (>=1.0.0 <=1.0.4)
concat-with-sourcemaps NPM version =1.0.0, =1.0.0, =1.2.10, =1.0.0, =1.0.1, =0.0.2, =0.3.0, =1.0.0, =1.0.8 - peachhtmlproduction =1.0.0 Source cves: unknown CVE Source advisory: OSV:GHSA-2XV3-H762-CCXV...
Out-of-bounds Read
Overview: Versions of concat-with-sourcemaps before 1.0.6 allocate uninitialized Buffers when a number is passed as a separator. Recommendation: Update to version 1.0.6 or later. References: HackerOne Report, Source Reference, GitHub Advisory...
Node.js third-party modules: `concat-with-sourcemaps` allocates uninitialized Buffers when number is passed as a separator
I would like to report an uninitialized Buffer allocation issue in concat-with-sourcemaps. It allows extracting sensitive data from uninitialized memory or causing a DoS by passing in a large number, in unlikely setups where the separator is attacker-controlled. Module module name:...