The Buffer class in Node.js can leak server-side memory, exposing sensitive data such as keys and system information if not handled correctly. This vulnerability was first disclosed by Feross Aboukhadijeh and Mathias Buss Madsen and has affected popular projects including mongoose, ws, request, and sequelize. The Buffer class is a mutable array of binary data that can be initialized with a string, array, or number, but its default behavior can lead to memory leaks when using the number constructor. To fix this vulnerability, developers can use alternative classes such as TypedArray and ArrayBuffer, disallow the number constructor, zero-fill the allocated data using buf.fill(0), or carefully track where the Buffer content goes. As of Node 6, explicit alloc and allocUnsafe methods are available to allocate space with and without zeroing respectively, which can help developers avoid similar mistakes.