Description
Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).
Remediation
References
https://github.com/mhart/StringStream/issues/7
https://hackerone.com/reports/321670
https://www.npmjs.com/advisories/664
Related Vulnerabilities
CVE-2017-16024 Vulnerability in npm package sync-exec
CVE-2023-22457 Vulnerability in maven package org.xwiki.contrib:application-ckeditor-plugins
CVE-2022-25186 Vulnerability in maven package com.datapipe.jenkins.plugins:hashicorp-vault-plugin
CVE-2023-6291 Vulnerability in maven package org.keycloak:keycloak-services