browserify / static-module

convert module usage to inline expressions
MIT License

Acorn 5.5.1 dependent package vulnerability issue in static-module #62

Closed jerin closed 9 months ago

jerin commented 1 year ago

We have an Xray scanner to identify package/inner package vulnerabilities. While scanning static-module, the scanner is reporting an acorn@5.5.1 package vulnerability from a file which is currently being used by static-module.

Path is package/bench/input.js, line number 5269.

Acorn 5.5.1 vulnerability description: acorn contains an infinite loop condition in regexp.js that is triggered when handling UTF-16 surrogates while validating regular expressions.

Please check this issue.

Thanks, Jerin John

goto-bus-stop commented 1 year ago

That file is input for a benchmark; it is never executed under any circumstance, so this is a false positive.

jerin commented 1 year ago

Thank you