pkg security vulnerability

npm pkg is a library from npm that packages Node.js projects into executables. A security vulnerability exists in pkg 5.8.1 and earlier, which stems from the fact that any native code package pkg built writes to a hardcoded directory, and can be exploited by an attacker to replace a genuine...

007-nodejs (>=2.5.0 <=2.5.3), 10by10-react-app (=1.2.1) +5573 more potentially affected by CVE-2023-42282 via ip (>=0.0.1 <=1.1.8)

ip NPM version =0.0.1, =2.5.0, =1.0.0, =4.11.0, =1.0.1-5.4, =3.16.2, =3.0.0-beta.22, =3.0.0-beta.22, =3.16.2, =3.16.3, =3.16.2, =3.16.2, =3.0.0-beta.22, =3.16.10 and more Source cves: CVE-2023-42282 Source advisory: OSV:GHSA-78XJ-CGH5-2H22...