Skip to content

Hidden functionality in node-ipc

Low severity GitHub Reviewed Published Mar 16, 2022 to the GitHub Advisory Database • Updated Jan 11, 2023

Package

npm node-ipc (npm)

Affected versions

= 9.2.2

Patched versions

None

Description

The package node-ipc version 9.2.2 is vulnerable to hidden functionality that was introduced by the maintainer. The package uses a dependency that writes a file to disk that does not pertain to the functionality of the package and is not included in versions < 9.2.2.

References

Published to the GitHub Advisory Database Mar 16, 2022
Reviewed Mar 16, 2022
Last updated Jan 11, 2023

Severity

Low

EPSS score

Weaknesses

Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators. Learn more on MITRE.

CVE ID

No known CVE

GHSA ID

GHSA-8gr3-2gjw-jj7g

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.