Skip to content

Hidden functionality in node-ipc

Low severity GitHub Reviewed Published Mar 16, 2022 to the GitHub Advisory Database • Updated Jan 11, 2023

Package

npm node-ipc (npm)

Affected versions

= 9.2.2

Patched versions

None

Description

The package node-ipc version 9.2.2 is vulnerable to hidden functionality that was introduced by the maintainer. The package uses a dependency that writes a file to disk that does not pertain to the functionality of the package and is not included in versions < 9.2.2.

References

Published to the GitHub Advisory Database Mar 16, 2022
Reviewed Mar 16, 2022
Last updated Jan 11, 2023

Severity

Low

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-8gr3-2gjw-jj7g

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.