Open The-Caesar opened 1 year ago
Hi PM2 Team.
Any update on this?
Same, any update on this?
OK, so it looks like a reinstall of pm2@5.3.0 just fixes that and installs the dependency without the CVE-affected vm2 version.
I can confirm that reinstalling pm2 to the last version fixes the problem.
Note: In my case I use it installed globally
~ npm list vm2 -g
/usr/lib
└─┬ pm2@5.3.0
  └─┬ @pm2/agent@2.0.1
    └─┬ proxy-agent@5.0.0
      └─┬ pac-proxy-agent@5.0.0
        └─┬ pac-resolver@5.0.1
          └─┬ degenerator@3.0.4
            └── vm2@3.9.17
Reinstall:
~ npm uninstall -g pm2
...
~ npm install -g pm2
...
Result:
~ npm list vm2 -g
/usr/lib
└─┬ pm2@5.3.0
  └─┬ @pm2/agent@2.0.1
    └─┬ proxy-agent@5.0.0
      └─┬ pac-proxy-agent@5.0.0
        └─┬ pac-resolver@5.0.1
          └─┬ degenerator@3.0.4
            └── vm2@3.9.19
What's going wrong?
How could we reproduce this issue?
Supporting information
Solution would be to update vm2 dependency to > 3.9.18. Fixed https://www.mend.io/vulnerability-database/CVE-2023-32314
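The before/after check from the comments above can be scripted. This is an added example, not part of the original thread or of pm2: it walks a tree shaped like the output of `npm ls vm2 -g --json` and flags every resolved vm2 copy that is not above the 3.9.18 threshold named in the issue. The function names and the sample tree are constructed for illustration.

```javascript
// Added example: audit an `npm ls vm2 -g --json` style tree for vm2 copies
// that are not above the version named in the issue (> 3.9.18).
const THRESHOLD = "3.9.18";

// Compare two x.y.z version strings numerically; returns -1, 0 or 1.
// Any pre-release suffix ("-beta.1") is ignored for this coarse check.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the tree and collect every resolved copy of `name`, together with
// the dependency path that pulled it in (a package can appear more than once).
function findPackage(node, name, path = [], hits = []) {
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const here = path.concat(`${dep}@${info.version}`);
    if (dep === name && info.version) {
      hits.push({ version: info.version, path: here.join(" > ") });
    }
    findPackage(info, name, here, hits);
  }
  return hits;
}

// Mark each vm2 hit as ok only when it is strictly above the threshold.
function auditVm2(tree) {
  return findPackage(tree, "vm2").map((hit) => ({
    ...hit,
    ok: compareVersions(hit.version, THRESHOLD) > 0,
  }));
}

// Constructed sample mirroring the chain shown in the thread.
function sampleTree(vm2Version) {
  const chain = [["pm2", "5.3.0"], ["@pm2/agent", "2.0.1"],
    ["proxy-agent", "5.0.0"], ["pac-proxy-agent", "5.0.0"],
    ["pac-resolver", "5.0.1"], ["degenerator", "3.0.4"], ["vm2", vm2Version]];
  return chain.reduceRight(
    (child, [name, version]) => ({ dependencies: { [name]: { version, ...child } } }), {});
}

console.log(auditVm2(sampleTree("3.9.17"))); // state before the reinstall
console.log(auditVm2(sampleTree("3.9.19"))); // state after the reinstall
```

To audit a real install, pass the parsed JSON from `npm ls vm2 -g --json` to `auditVm2` in place of the sample tree.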