Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2022-23812: remove untrusted dependency - node-ipc #111

Open
lgg opened this issue Mar 17, 2022 · 1 comment
Open

CVE-2022-23812: remove untrusted dependency - node-ipc #111

lgg opened this issue Mar 17, 2022 · 1 comment
Assignees
@AmsterGet

Comments

@lgg
Copy link

lgg commented Mar 17, 2022
edited
Loading

Newest version of node-ipc delete all users's files from device. You should not use this dependency anymore!

You can learn more here: https://gist.github.com/MidSpike/f7ae3457420af78a54b38a31cc0c809c

Check possible solution that already applied in vue.js: vuejs/vue-cli#7054 (comment)

also check more here: https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/
@lgg lgg changed the title YOUR CODE IS INFECTED WITH MALICIOUS DEPENDENCY - node-ipc CVE-2022-23812: YOUR CODE IS INFECTED WITH MALICIOUS DEPENDENCY - node-ipc Mar 17, 2022
@AmsterGet
Copy link
Member

Hello @lgg !
We noticed the presence of malicious code in the new version of node-ipc.
Our agent is using a fixed version of node-ipc (9.1.1), but we will consider moving to a more robust solution.
Thanks!

@lgg lgg changed the title CVE-2022-23812: YOUR CODE IS INFECTED WITH MALICIOUS DEPENDENCY - node-ipc CVE-2022-23812: remove untrusted dependency - node-ipc Mar 18, 2022
@AmsterGet AmsterGet mentioned this issue Jan 12, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AmsterGet AmsterGet

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lgg @AmsterGet