Closed ohadsh535 closed 1 year ago
Latest commit: a42ec6725292bd08dad3a02881c88dda30f2efa2
The changes in this PR will be included in the next version bump.
Not sure what this means? Click here to learn what changesets are.
Click here if you're a maintainer who wants to add another changeset to this PR
The latest updates on your projects. Learn more about Vercel for Git ↗︎
Name | Status | Preview | Updated (UTC) |
---|---|---|---|
proxy-agents | ✅ Ready (Inspect) | Visit Preview | Jun 17, 2023 8:18am |
async-cache@1.1.0 sprintf@0.1.5
fix(security): degenerator dependency obtains a CRITICAL security risk on vm2 version CVE-2023-32314
See https://nvd.nist.gov/vuln/detail/CVE-2023-32314, for further details.
"vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of
Proxy
. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version3.9.18
ofvm2
. Users are advised to upgrade. There are no known workarounds for this vulnerability."