GMS-2020-407: Buffer Overflow in node-weakauras-parser

September 3, 2020 (updated October 4, 2021)

Affected versions of node-weakauras-parser are vulnerable to a Buffer Overflow. The encode_weakaura function fails to properly validate the input size. A buffer of bytes causes an overflow on systems. Upgrade to or later.

References

github.com/Zireael-N/node-weakauras-parser/commit/bc146da09db689e554d28e948f1cf1c138f09f69
github.com/advisories/GHSA-86mr-6m89-vgj3
www.npmjs.com/advisories/1504

Code Behaviors & Features

Detect and mitigate GMS-2020-407 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →