We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
writable stream that concatenates strings or binary data and calls a callback with the result
Library home page: https://registry.npmjs.org/concat-stream/-/concat-stream-1.5.0.tgz
Path to dependency file: /vendor/github.com/hashicorp/vault/ui/package.json
Path to vulnerable library: /vendor/github.com/hashicorp/vault/ui/node_modules/concat-stream/package.json
Dependency Hierarchy:
Found in HEAD commit: 9060713df80212ee5546b36d1083fb607520eb0b
Found in base branch: master
Versions of concat-stream before 1.5.2 are vulnerable to memory exposure if userp provided input is passed into write()
Versions <1.3.0 are not affected due to not using unguarded Buffer constructor.
Publish Date: 2018-04-25
URL: WS-2018-0075
Base Score Metrics:
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/597
Release Date: 2018-01-27
Fix Resolution (concat-stream): 1.5.2
Direct dependency fix Resolution (ember-cli-favicon): 1.0.0
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered:
No branches or pull requests
WS-2018-0075 - Medium Severity Vulnerability
writable stream that concatenates strings or binary data and calls a callback with the result
Library home page: https://registry.npmjs.org/concat-stream/-/concat-stream-1.5.0.tgz
Path to dependency file: /vendor/github.com/hashicorp/vault/ui/package.json
Path to vulnerable library: /vendor/github.com/hashicorp/vault/ui/node_modules/concat-stream/package.json
Dependency Hierarchy:
Found in HEAD commit: 9060713df80212ee5546b36d1083fb607520eb0b
Found in base branch: master
Versions of concat-stream before 1.5.2 are vulnerable to memory exposure if userp provided input is passed into write()
Versions <1.3.0 are not affected due to not using unguarded Buffer constructor.
Publish Date: 2018-04-25
URL: WS-2018-0075
Base Score Metrics:
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/597
Release Date: 2018-01-27
Fix Resolution (concat-stream): 1.5.2
Direct dependency fix Resolution (ember-cli-favicon): 1.0.0
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: