Out-of-bounds Read in concat-with-sourcemaps · GHSA-2xv3-h762-ccxv · GitHub Advisory Database · GitHub

Out-of-bounds Read in concat-with-sourcemaps

Moderate severity GitHub Reviewed Published May 29, 2019 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

concat-with-sourcemaps (npm)

Affected versions

>= 1.0.0, < 1.0.6

Patched versions

1.0.6

Description

Versions of concat-with-sourcemaps before 1.0.6 allocates uninitialized Buffers when a number is passed as a separator.

Recommendation

Update to version 1.0.6 or later.

References

Reviewed May 29, 2019

Published to the GitHub Advisory Database May 29, 2019

Last updated Jan 9, 2023