agent-js-cypress

CVE-2022-23812: remove untrusted dependency - node-ipc

Open lgg opened this issue 2 years ago • 1 comment

The newest version of node-ipc deletes all users' files from the device. You should not use this dependency anymore!

You can learn more here: https://gist.github.com/MidSpike/f7ae3457420af78a54b38a31cc0c809c

Check the possible solution that was already applied in vue.js: https://github.com/vuejs/vue-cli/issues/7054#issuecomment-1068677029

Also check more here: https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/

lgg Mar 17 '22 00:03

Hello @lgg! We noticed the presence of malicious code in the new version of node-ipc. Our agent is using a fixed version of node-ipc (9.1.1), but we will consider moving to a more robust solution. Thanks!

AmsterGet Mar 18 '22 07:03
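
The reply above relies on node-ipc staying at a fixed version (9.1.1). As an added example (not code from agent-js-cypress or its maintainers), the following checks a parsed package.json and package-lock.json for any node-ipc specifier or installed copy that does not match that pin; the function names and the sample data are constructed for illustration.

```javascript
const PINNED = "9.1.1"; // version the maintainer's reply names as the fixed one

// Collect every installed copy of `name` from a parsed package-lock.json.
// Handles lockfileVersion 2/3 ("packages" map) and version 1 (nested "dependencies").
function findInstalls(lock, name) {
  const found = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
        found.push({ path, version: meta.version });
      }
    }
    return found;
  }
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${dep}`;
      if (dep === name) found.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`); // v1 lockfiles nest transitive copies
    }
  };
  walk(lock.dependencies, "");
  return found;
}

// Report installs that differ from the pin, and manifest specifiers that can float.
function auditPin(manifest, lock, name, pinned) {
  const problems = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    const spec = (manifest[field] || {})[name];
    if (spec !== undefined && spec !== pinned) {
      problems.push(`package.json ${field}: "${spec}" is not the exact pin ${pinned}`);
    }
  }
  for (const { path, version } of findInstalls(lock, name)) {
    if (version !== pinned) problems.push(`${path} resolves to ${version}, expected ${pinned}`);
  }
  return problems;
}

// Constructed sample data (not taken from the agent-js-cypress repository).
const sampleManifest = { dependencies: { "node-ipc": "^9.1.1" } };
const sampleLock = {
  packages: {
    "node_modules/node-ipc": { version: "9.1.1" },
    "node_modules/some-tool/node_modules/node-ipc": { version: "9.9.9-constructed" },
  },
};
console.log(auditPin(sampleManifest, sampleLock, "node-ipc", PINNED));
```

A caret or tilde range in package.json is flagged because a fresh install without the lockfile can resolve it to a newer release than the one that was reviewed.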