CosmWasm / ts-codegen

Convert your CosmWasm smart contracts into dev-friendly TypeScript classes so you can focus on shipping code.
https://cosmology.zone/products/ts-codegen
Apache License 2.0

[Security] Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code #132

Closed zakarialounes closed 4 months ago

zakarialounes commented 9 months ago

Please see https://github.com/advisories/GHSA-67hx-6x53-jw92 Thanks

pyramation commented 4 months ago

"@babel/traverse" "^7.24.1"

zakarialounes commented 4 months ago

Thanks for updating the yarn.lock @pyramation, I can now remove the resolution in our package.json.

zakarialounes commented 4 months ago

In fact still not fixed.

@cosmology/telescope@^1.5.4 uses "@cosmwasm/ts-codegen" "0.35.7" which uses "@babel/traverse" "7.18.11"
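
The situation in the last comment, as an added example that is not part of the original thread or the project's code: a small yarn.lock v1 check that lists resolved versions of a package below a chosen floor and the locked packages that request them. The lockfile excerpt is constructed, the floor `7.24.1` is assumed from the maintainer's comment, and the function names are hypothetical.

```javascript
// Constructed yarn.lock v1 excerpt modelled on the thread (not the real lockfile).
const SAMPLE_LOCK = `
"@babel/traverse@7.18.11":
  version "7.18.11"
"@babel/traverse@^7.24.1":
  version "7.24.1"
"@cosmology/telescope@^1.5.4":
  version "1.5.4"
  dependencies:
    "@cosmwasm/ts-codegen" "0.35.7"
"@cosmwasm/ts-codegen@0.35.7":
  version "0.35.7"
  dependencies:
    "@babel/traverse" "7.18.11"
`;

// Minimal yarn.lock v1 reader: entry headers, "version" lines and dependency blocks.
function parseYarnLock(text) {
  const entries = [];
  let cur = null, inDeps = false;
  for (const line of text.split(/\r?\n/)) {
    const dep = line.match(/^ {4}"?([^"\s]+)"? "?([^"]+)"?$/);
    const ver = line.match(/^ {2}version "?([^"]+)"?$/);
    if (/^[^\s#]/.test(line)) {            // unindented line: "name@range", ...:
      const specs = line.replace(/:$/, '').split(',').map(s => s.trim().replace(/^"|"$/g, ''));
      cur = { name: specs[0].slice(0, specs[0].lastIndexOf('@')), specs, version: null, deps: {} };
      entries.push(cur);
    } else if (cur && ver) cur.version = ver[1];
    else if (cur && inDeps && dep) cur.deps[dep[1]] = dep[2];
    if (!dep) inDeps = /^ {2}(optionalD|d)ependencies:$/.test(line);
  }
  return entries;
}

// Compare x.y.z numerically; pre-release tags are ignored here.
function cmpVersion(a, b) {
  const [pa, pb] = [a, b].map(v => v.split('-')[0].split('.').map(Number));
  for (let i = 0; i < 3; i++) if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  return 0;
}

// Resolved versions of pkg below floor, with the locked packages that request them.
function findStalePins(lockText, pkg, floor) {
  const entries = parseYarnLock(lockText);
  const requesters = e => entries.filter(p => e.specs.includes(`${pkg}@${p.deps[pkg]}`));
  return entries
    .filter(e => e.name === pkg && e.version && cmpVersion(e.version, floor) < 0)
    .map(e => ({ version: e.version, requestedBy: requesters(e).map(p => `${p.name}@${p.version}`) }));
}
console.log(JSON.stringify(findStalePins(SAMPLE_LOCK, '@babel/traverse', '7.24.1'), null, 2));
```

On the constructed excerpt it reports `7.18.11` as requested by `@cosmwasm/ts-codegen@0.35.7`: an exact pin in a published dependency keeps its own lockfile entry next to the newer one until that dependency is re-released or the consumer adds a resolution.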