GHSA-hg7c-66ff-9q8g

Source

https://github.com/advisories/GHSA-hg7c-66ff-9q8g

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/07/GHSA-hg7c-66ff-9q8g/GHSA-hg7c-66ff-9q8g.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hg7c-66ff-9q8g

Withdrawn

2020-07-31T16:18:53Z

Published

2020-07-31T16:18:53Z

Modified

2020-07-31T16:18:53Z

Summary

Sandbox bypass in constantinople

Details

constantinople before 3.1.1 affected by a sandbox bypass.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2020-04-16T03:01:22Z"
}

References

https://github.com/pugjs/constantinople/commit/01d409c0d081dfd65223e6b7767c244156d35f7f
https://bugzilla.redhat.com/show_bug.cgi?id=1577703
https://github.com/advisories/GHSA-hg7c-66ff-9q8g
https://www.npmjs.com/advisories/568

Affected packages

npm / constantinople

Package

Name: constantinople; View open source insights on deps.dev
Purl: pkg:npm/constantinople

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.1