GHSA-27mx-gchc-6xjp

Source

https://github.com/advisories/GHSA-27mx-gchc-6xjp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-27mx-gchc-6xjp/GHSA-27mx-gchc-6xjp.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-27mx-gchc-6xjp

Aliases

CVE-2022-21211

Published

2022-06-11T00:00:17Z

Modified

2023-11-08T04:08:04.962061Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Unhandled crash in npm posix

Details

This affects all versions of package posix. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check.

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-17T00:40:15Z",
    "severity": "HIGH",
    "nvd_published_at": "2022-06-10T20:15:00Z",
    "cwe_ids": [
        "CWE-252"
    ]
}

References

Affected packages

npm / posix

Package

Name: posix; View open source insights on deps.dev
Purl: pkg:npm/posix

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

4.2.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-27mx-gchc-6xjp/GHSA-27mx-gchc-6xjp.json"