Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04Z3IzLTJnanctamo3Z80zOA
Hidden functionality in node-ipc
The package node-ipc version 9.2.2 is vulnerable to hidden functionality that was introduced by the maintainer. The package uses a dependency that writes a file to disk that does not pertain to the functionality of the package and is not included in versions < 9.2.2.
Permalink: https://github.com/advisories/GHSA-8gr3-2gjw-jj7gJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04Z3IzLTJnanctamo3Z80zOA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 2 years ago
Updated: over 1 year ago
Identifiers: GHSA-8gr3-2gjw-jj7g
References:
- https://github.com/RIAEvangelist/node-ipc/releases/tag/9.2.2
- https://github.com/advisories/GHSA-8gr3-2gjw-jj7g
Blast Radius: 0.0
Affected Packages
npm:node-ipc
Dependent packages: 433Dependent repositories: 296,532
Downloads: 1,915,460 last month
Affected Version Ranges: = 9.2.2
No known fixed version
All affected versions: