@excelltechkylc/code-generator (>=1.0.0 <=1.0.1), @excelltechkylc/compiler (>=1.0.0 <=1.0.1) +5 more potentially affected by CVE-2024-38985 via depath (=1.0.6)

depath NPM version =1.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on depath and may be impacted: - @excelltechkylc/code-generator =1.0.0, =1.0.0, =1.0.6, =1.0.6, =1.0.0, =1.0.4 - vitis-lowcode-renderer =1.0.0 - vitis-lowcode-simulator-renderer...

Depath 安全漏洞

Depath is a path matcher/getter/setter for objects/arrays by Janry Personal Developer. A security vulnerability exists in Depath version v1.0.6, which stems from prototype contamination and could lead to arbitrary code execution or denial of service...