You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A transitive dependency you have in the latest version seems to be impacted by this (issue)[https://github.com/https://github.com/patriksimek/vm2/issues/515].
Details
Here's what I see when I run npm audit.
# npm audit report
vm2 *
Severity: critical
vm2 Sandbox Escape vulnerability - https://github.com/advisories/GHSA-cchq-frgv-rjh5
vm2 Sandbox Escape vulnerability - https://github.com/advisories/GHSA-g644-9gfx-q4q4
fix available via `npm audit fix`
node_modules/vm2
degenerator 3.0.0 - 4.0.4
Depends on vulnerable versions of vm2
node_modules/degenerator
pac-resolver 5.0.0 - 6.0.2
Depends on vulnerable versions of degenerator
node_modules/pac-resolver
pac-proxy-agent 5.0.0 - 6.0.4
Depends on vulnerable versions of pac-resolver
node_modules/pac-proxy-agent
proxy-agent 5.0.0 - 6.2.2
Depends on vulnerable versions of pac-proxy-agent
node_modules/proxy-agent
superagent-proxy >=3.0.0
Depends on vulnerable versions of proxy-agent
node_modules/superagent-proxy
remote-content >=3.0.0
Depends on vulnerable versions of superagent-proxy
node_modules/remote-content
href-content >=2.0.1
Depends on vulnerable versions of remote-content
node_modules/href-content
extract-css >=2.0.1
Depends on vulnerable versions of href-content
node_modules/extract-css
inline-css >=4.0.0
Depends on vulnerable versions of extract-css
node_modules/inline-css
@nestjs-modules/mailer >=1.8.1
Depends on vulnerable versions of inline-css
node_modules/@nestjs-modules/mailer
11 critical severity vulnerabilities
└─┬ @nestjs-modules/mailer@1.9.1
└─┬ inline-css@4.0.2
└─┬ extract-css@3.0.1
└─┬ href-content@2.0.2
└─┬ remote-content@3.0.1
└─┬ superagent-proxy@3.0.0
└─┬ proxy-agent@5.0.0
└─┬ pac-proxy-agent@5.0.0
└─┬ pac-resolver@5.0.1
└─┬ degenerator@3.0.4
└── vm2@3.9.19```
The text was updated successfully, but these errors were encountered:
Summary
A transitive dependency you have in the latest version seems to be impacted by this (issue)[https://github.com/https://github.com/patriksimek/vm2/issues/515].
Details
Here's what I see when I run
npm audit
.The text was updated successfully, but these errors were encountered: