4 matches found
@drubin/garden-cli (>=0.8.0-rc2 <=0.8.0-rc11), eysi-garden-test (>=0.8.1-ci-test <=0.8.1-ci-test-3) +5 more potentially affected by CVE-2018-3784 via cryo (>=0.0.5 <=0.0.6)
cryo NPM version =0.0.5, =0.8.0-rc2, =0.8.1-ci-test, =0.0.1, =0.1.0, =0.1.1, =0.1.2 Source cves: CVE-2018-3784 Source advisory: OSV:GHSA-38F5-GHC2-FCMV...
CVE-2018-3784
creationtimestamp | type | source
---|---|---
2018-08-21 17:02:43+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-38f5-ghc2-fcmv...
CVE-2018-3784
A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization...
CVE-2018-3784
CVE-2018-3784 affects cryo, a Node.js module for JSON-like serialization. The root cause is insecure deserialization, allowing an attacker to craft payloads (e.g., via proto manipulation or serialized functions) that can lead to arbitrary code execution. Several sources (NVD, CNVD, PRION, OSV) de...