EUVD-2022-0586

Malicious code in bioql PyPI...

@hbtgmbh/dmn-eval-js (>=1.4.0 <=1.5.0), @hbtgmbh/dmn-server (>=1.0.0 <=1.0.2) +33 more potentially affected by CVE-2021-23460 via min-dash (>=1.1.0 <=3.5.2)

min-dash NPM version =1.1.0, =1.4.0, =1.0.0, =0.16.0, =1.0.105, =1.0.0, =1.0.33, =1.0.1, =0.28.0, =0.1.0, =3.0.0, =1.0.0, =0.2.0, =0.11.0, =3.0.0, =4.0.0 and more Source cves: CVE-2021-23460 Source advisory: OSV:GHSA-2M53-83F3-562J...

entfrm-bpmn (>=8.6.2 <=8.6.6), entfrm-flowable-designer (>=1.0.0 <=1.2.6) +4 more potentially affected by CVE-2021-23460 via min-dash (=3.5.2)

min-dash NPM version =3.5.2 is affected by a known vulnerability. The following packages have a transitive dependency on min-dash and may be impacted: - entfrm-bpmn =8.6.2, =1.0.0, =2.2.0, =1.0.0, =1.1.3 Source cves: CVE-2021-23460 Source advisory: SNYK:JS-MINDASH-2340605...