node-redis icon indicating copy to clipboard operation
node-redis copied to clipboard

Published 20 hours ago verified publisher icon redis

fix #2755 - code execution when compiling specifically crafted malicious code

Open imhunterand opened this issue 1 year ago • 0 comments

fix https://github.com/redis/node-redis/issues/2755

Requesting fixed vulnerable Using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the path.evaluate() or path.evaluateTruthy() internal Babel methods.

Checklist

  • [ ] Does npm test pass with this change (including linting)?
  • [x] Is the new or changed code fully tested?
  • [x] Is a documentation update included (if this change modifies existing APIs, or introduces new ones)?

imhunterand avatar May 10 '24 01:05 imhunterand