Open mend-bolt-for-github[bot] opened 4 years ago
writable stream that concatenates strings or binary data and calls a callback with the result
Library home page: https://registry.npmjs.org/concat-stream/-/concat-stream-1.4.11.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/browserify/node_modules/concat-stream/package.json
Dependency Hierarchy: - react-component-gulp-tasks-0.7.7.tgz (Root Library) - browserify-11.2.0.tgz - :x: **concat-stream-1.4.11.tgz** (Vulnerable Library)
Found in HEAD commit: 7b7ee4fda1530a8aba251e15f46bd683a40393d8
Versions of concat-stream before 1.5.2 are vulnerable to memory exposure if userp provided input is passed into write() Versions <1.3.0 are not affected due to not using unguarded Buffer constructor.
Publish Date: 2018-04-25
URL: WS-2018-0075
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/597
Release Date: 2018-01-27
Fix Resolution: 1.5.2
Step up your Open Source Security Game with Mend here
WS-2018-0075 - Medium Severity Vulnerability
writable stream that concatenates strings or binary data and calls a callback with the result
Library home page: https://registry.npmjs.org/concat-stream/-/concat-stream-1.4.11.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/browserify/node_modules/concat-stream/package.json
Dependency Hierarchy: - react-component-gulp-tasks-0.7.7.tgz (Root Library) - browserify-11.2.0.tgz - :x: **concat-stream-1.4.11.tgz** (Vulnerable Library)
Found in HEAD commit: 7b7ee4fda1530a8aba251e15f46bd683a40393d8
Versions of concat-stream before 1.5.2 are vulnerable to memory exposure if userp provided input is passed into write() Versions <1.3.0 are not affected due to not using unguarded Buffer constructor.
Publish Date: 2018-04-25
URL: WS-2018-0075
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://nodesecurity.io/advisories/597
Release Date: 2018-01-27
Fix Resolution: 1.5.2
Step up your Open Source Security Game with Mend here