Description
Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).
Remediation
References
https://github.com/mhart/StringStream/issues/7
https://hackerone.com/reports/321670
https://www.npmjs.com/advisories/664
Related Vulnerabilities
CVE-2023-26118 Vulnerability in npm package angular
CVE-2022-31183 Vulnerability in maven package co.fs2:fs2-io_sjs1_2.13
CVE-2022-38900 Vulnerability in npm package decode-uri-component
CVE-2021-23424 Vulnerability in npm package ansi-html
CVE-2020-1729 Vulnerability in maven package io.smallrye.config:smallrye-config