Unitech / pm2

Node.js Production Process Manager with a built-in Load Balancer.
https://pm2.keymetrics.io/docs/usage/quick-start/

Security concern with CVE-2022-36067 #5560

Open jefffortune opened 1 year ago

jefffortune commented 1 year ago

What's going wrong?

Security issue with dependency vm2

Supporting information

https://nvd.nist.gov/vuln/detail/CVE-2022-36067

$ pm2 report

WillianAgostini commented 1 year ago

Hi @jefffortune, the 5.2.* tag is already using the latest vm2 version. This vulnerability has been fixed in version vm2@3.9.11.

pm2@5.2.2 /workspaces/pm2
└─┬ @pm2/agent@2.0.1
  └─┬ proxy-agent@5.0.0
    └─┬ pac-proxy-agent@5.0.0
      └─┬ pac-resolver@5.0.1
        └─┬ degenerator@3.0.2
          └── vm2@3.9.14

What version of pm2 are you using?
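
The check described in the reply above, as an added example that is not part of the thread or of pm2's code: it walks a tree shaped like `npm ls --all --json` output, reports every resolved copy of vm2 with its dependency path, and compares each against the fixed version named in the thread. The sample tree is constructed from the tree quoted above, and `example-legacy-dep` is a hypothetical second path added to show a failing result.

```javascript
// Added example: find every resolved copy of vm2 in `npm ls --all --json` output.
// FIXED_IN is the fixed version named in the thread; SAMPLE_TREE is constructed.
const FIXED_IN = '3.9.11';

const SAMPLE_TREE = {
  name: 'pm2', version: '5.2.2',
  dependencies: {
    '@pm2/agent': { version: '2.0.1', dependencies: {
      'proxy-agent': { version: '5.0.0', dependencies: {
        'pac-proxy-agent': { version: '5.0.0', dependencies: {
          'pac-resolver': { version: '5.0.1', dependencies: {
            degenerator: { version: '3.0.2', dependencies: {
              vm2: { version: '3.9.14' },
            } },
          } },
        } },
      } },
    } },
    // Hypothetical entry, not from the thread: a second, stale copy of vm2.
    'example-legacy-dep': { version: '1.0.0', dependencies: { vm2: { version: '3.9.10' } } },
  },
};

// Numeric MAJOR.MINOR.PATCH comparison (pre-release/build suffixes are ignored).
function compareVersions(a, b) {
  const parse = (v) => v.split(/[-+]/)[0].split('.').map((n) => parseInt(n, 10) || 0);
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) {
    const d = (x[i] || 0) - (y[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Depth-first walk; records the full dependency path to each copy of `target`.
function findPackage(node, target, path = [], out = []) {
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const version = dep.version || 'unresolved'; // npm omits version for missing deps
    const here = [...path, `${name}@${version}`];
    if (name === target) {
      out.push({ path: here.join(' > '), version,
                 patched: compareVersions(version, FIXED_IN) >= 0 });
    }
    findPackage(dep, target, here, out);
  }
  return out;
}

console.log(findPackage(SAMPLE_TREE, 'vm2'));
```

A package can be resolved more than once in the same tree, so the result is a list with one entry per path rather than a single version.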