Open renovate[bot] opened 2 years ago
✔️ Deploy Preview for tsb-labsite ready!
🔨 Explore the source changes: 8b950faf1288d1d5c44aff818f754ad0f175c8f6
🔍 Inspect the deploy log: https://app.netlify.com/sites/tsb-labsite/deploys/61f006368a4b0800073c8eeb
😎 Browse the preview: https://deploy-preview-379--tsb-labsite.netlify.app
This PR contains the following updates:
0.8.4
->0.8.5
GitHub Vulnerability Alerts
GHSA-64g7-mvw6-v9qj
Impact
Output from the synchronous version of
shell.exec()
may be visible to other users on the same system. You may be affected if you executeshell.exec()
in multi-user Mac, Linux, or WSL environments, or if you executeshell.exec()
as the root user.Other shelljs functions (including the asynchronous version of
shell.exec()
) are not impacted.Patches
Patched in shelljs 0.8.5
Workarounds
Recommended action is to upgrade to 0.8.5.
References
https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c/
For more information
If you have any questions or comments about this advisory:
CVE-2022-0144
shelljs is vulnerable to Improper Privilege Management
Configuration
📅 Schedule: "" in timezone Europe/Berlin.
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.