Out-of-bounds Read in base64url
Moderate severity
GitHub Reviewed
Published
Sep 1, 2020
to the GitHub Advisory Database
•
Updated Apr 21, 2023
Description
Reviewed
Aug 31, 2020
Published to the GitHub Advisory Database
Sep 1, 2020
Last updated
Apr 21, 2023
Credits
-
tdunlap607 Analyst
Versions of
base64urlbefore 3.0.0 are vulnerable to to out-of-bounds reads as it allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below.Recommendation
Update to version 3.0.0 or later.
References