vm2 Sandbox Escape vulnerability #1024
Comments
Thanks, @ajaykarthikr. The Let's track the reference issue indeed. Other suggestions also welcome of course.
@webpro I understand, but as a package it's throwing critical errors when we run
FYI, I'm not a security expert, but if this explanation is correct it sounds like the leak can only be exploited when the url ( Usually release-it is a Security tooling is essential, keep assessing the actual risks for your own circumstances.
It's causing problems where sometimes we can't merge changes due to a problem in a package 4 levels down that's only used for making releases. (vm2, I'm looking at you.) TooTallNate/proxy-agents#218 (comment) release-it/release-it#1024 (comment)
FYI, I also came here because I got security messages from GitHub as well and I did notice it came from If it doesn't then I know release-it is a dev deps, so it's not the end of the world, but it's nice to see no security issue showing in audit though :)
🚀 This issue has been resolved in v16.1.3. See Release 16.1.3 for release notes.
Thanks for your notification, @ghiscoding!
Npm is reporting vm2 vulnerability again. I have noticed the packages were updated recently but it seems the issue wasn't resolved. I looked at the vm2 package, the author suggests to use an alternative.
Is it possible to fix this issue? This comes from degenerator dependency

Severity: critical
vm2 Sandbox Escape vulnerability - GHSA-cchq-frgv-rjh5
Reference: TooTallNate/proxy-agents#218