Please read my blog post node-ipc-potestware to get info about the CVE-2022-23812
This repo is a container to test how the [node-ipc] protestware code works. The code has been sanitized and you can use this docker container to test it without installing anything.
Please check accurately the code to see if I have omitted any security sanitization before running the code outside the docker container!
Open this repo in vscode and open it in the docker container using "open in remote container"
After this you are in a safe environment and you can run
npm startSince the https://api.ipgeolocation.io/ipgeo?apiKey=ae511e1627824a968aaaa758a5309154 does not work, I use a direct local call to the attacker function.
you can have a look at the clear and sanitized code here