CVE-2022-23812: YOUR CODE IS INFECTED WITH MALICIOUS DEPENDENCY - node-ipc

zebrunner / javascript-agent-cypress

Zebrunner Agent: JS Mocha/Cypress reporting integration

5 stars 2 forks source link

CVE-2022-23812: YOUR CODE IS INFECTED WITH MALICIOUS DEPENDENCY - node-ipc #13

Closed lgg closed 2 years ago

lgg commented 2 years ago

Newest version of node-ipc delete all users's files from device. You should not use this dependency anymore!

You can learn more here: https://gist.github.com/MidSpike/f7ae3457420af78a54b38a31cc0c809c

Check possible solution that already applied in vue.js: https://github.com/vuejs/vue-cli/issues/7054#issuecomment-1068677029

also check more here: https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/

SergeiZagriychuk commented 2 years ago

thanks for mentioning this! since we use old version of node-ipc (9.1.4), there is no any impact for us. and we don't plan to upgrade it. later we'll consider migrating to alternative solution. hence closing the ticket.