[thi.ng/egf] Potential arbitrary code execution of `#gpg`-tagged property values

Description

Potential for arbitrary code execution in #gpg-tagged property values (only if decrypt: true option is enabled)

Recommendation

Update the @thi.ng/egf package to the latest compatible version. Followings are version details:

• Affected version(s): < 0.4.0
• Patched version(s): 0.4.0

References

• GHSA-rj44-gpjc-29r7
• www.npmjs.com
• CVE-2021-21412
• CWE-78
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• React Editable Json Tree vulnerable to arbitrary code execution via function parsing - CVE-2022-36010
• Angular Expressions - Remote Code Execution - CVE-2021-21277
• Arbitrary code execution in djv - CVE-2020-28464
• Joplin is vulnerable to arbitrary code execution - CVE-2022-35131

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

@thi.ng/egf