GMS-2019-19: Out-of-bounds Read in concat-with-sourcemaps

May 29, 2019 (updated September 22, 2021)

Versions of concat-with-sourcemaps allocates uninitialized Buffers when a number is passed as a separator. Update to or later.

References

github.com/advisories/GHSA-2xv3-h762-ccxv
github.com/floridoo/concat-with-sourcemaps/blob/v1.0.5/index.js
hackerone.com/reports/320166
www.npmjs.com/advisories/644

Detect and mitigate GMS-2019-19 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →