Out-of-bounds Read in concat-with-sourcemaps

Moderate severity GitHub Reviewed Published May 29, 2019 • Updated Sep 22, 2021

Package

concat-with-sourcemaps (npm)

Affected versions

>= 1.0.0, < 1.0.6

Patched versions

1.0.6

Description

Versions of concat-with-sourcemaps before 1.0.6 allocate uninitialized Buffers when a number is passed as a separator.
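The bug class described above, as an added example that is not the package's own code: a numeric separator selects an allocation size instead of being treated as text, shown beside a hardened conversion. It assumes the separator reached a legacy `new Buffer(value)`-style call, which the advisory does not state; all function names are hypothetical and the sample input is constructed.

```javascript
// Added illustration; function names are hypothetical, not the package's API.

// Legacy pattern: before Node.js 8, `new Buffer(n)` with a numeric n returned
// n bytes of uninitialized memory. Buffer.allocUnsafe(n) reproduces that
// behaviour on current Node.js, so it stands in for the old constructor here.
function separatorToBufferLegacy(separator) {
  if (typeof separator === 'number') {
    return Buffer.allocUnsafe(separator); // length = the number, contents = stale memory
  }
  return Buffer.from(String(separator));
}

// Hardened pattern: a number can never choose the allocation size.
function separatorToBufferSafe(separator) {
  if (separator === undefined || separator === null) {
    return Buffer.alloc(0); // no separator
  }
  if (Buffer.isBuffer(separator)) {
    return Buffer.from(separator); // copy, so later caller mutations do not leak in
  }
  if (typeof separator !== 'string') {
    throw new TypeError('separator must be a string or Buffer, got ' + typeof separator);
  }
  return Buffer.from(separator, 'utf8');
}

// Join parts with the converted separator between them.
function concatParts(parts, toBuffer, separator) {
  const sep = toBuffer(separator);
  const chunks = [];
  parts.forEach((part, i) => {
    if (i > 0) chunks.push(sep);
    chunks.push(Buffer.from(part, 'utf8'));
  });
  return Buffer.concat(chunks);
}

// Constructed sample: the separator arrives from JSON as a number, not a string.
const untrusted = JSON.parse('{"separator": 16}');
const legacyOut = concatParts(['a', 'b'], separatorToBufferLegacy, untrusted.separator);
// 2 bytes of real content plus 16 bytes the caller never wrote.
console.log('legacy output length:', legacyOut.length);
```

The type check in the hardened form is also a useful guard at the call site for applications that cannot upgrade immediately.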

Recommendation

Update to version 1.0.6 or later.

References

GHSA ID

GHSA-2xv3-h762-ccxv