Skip to content

Hidden functionality in node-ipc

Low severity GitHub Reviewed Published Mar 16, 2022 to the GitHub Advisory Database • Updated Jan 11, 2023

Package

npm node-ipc (npm)

Affected versions

= 9.2.2

Patched versions

None

Description

The package node-ipc version 9.2.2 is vulnerable to hidden functionality that was introduced by the maintainer. The package uses a dependency that writes a file to disk that does not pertain to the functionality of the package and is not included in versions < 9.2.2.

References

Published to the GitHub Advisory Database Mar 16, 2022
Reviewed Mar 16, 2022
Last updated Jan 11, 2023

Severity

Low

EPSS score

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-8gr3-2gjw-jj7g

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.