Affected versions of the package are vulnerable to Uninitialized Memory Exposure. The Buffer class in Node.js is available as global, even if the
nodeintegration attribute is not added. This could result in concatenation of uninitialized memory to the buffer collection.
This is a result of unobstructed use of the
Buffer constructor, whose insecure default constructor increases the odds of memory leakage.
electron to version 1.6.1 or higher.
Note This is vulnerable only for Node <=4
- Snyk ID
- 02 Sep, 2016
- 09 Oct, 2017