GMS-2022-392: Hidden functionality in node-ipc

March 16, 2022

The package node-ipc version 9.2.2 is vulnerable to hidden functionality that was introduced by the maintainer. The package uses a dependency that writes a file to disk that does not pertain to the functionality of the package and is not included in versions < 9.2.2.

References

github.com/RIAEvangelist/node-ipc/releases/tag/9.2.2
github.com/advisories/GHSA-8gr3-2gjw-jj7g

Code Behaviors & Features

Detect and mitigate GMS-2022-392 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →