Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.
Node.js
Information Disclosure
Node Js
NVD
CVSS 3.1
3.1
EPSS
0.6%