Hidden functionality in node-ipc

2022-03-16T23:54:33
ID GHSA-8GR3-2GJW-JJ7G
Type github
Reporter GitHub Advisory Database
Modified 2022-03-16T23:55:31

Description

The package node-ipc version 9.2.2 is vulnerable to hidden functionality that was introduced by the maintainer. The package uses a dependency that writes a file to disk that does not pertain to the functionality of the package and is not included in versions < 9.2.2.