Skip to content
This repository has been archived by the owner on Dec 23, 2024. It is now read-only.

Code Injection Vulnerability

Critical
andriiheonia published GHSA-q849-wxrc-vqrp Nov 30, 2024

Package

npm hull.js (npm)

Affected versions

>=0.2.2 <=1.0.9

Patched versions

1.0.10

Description

Versions of the library from 0.2.2 to 1.0.9 are vulnerable to the arbitrary code execution due to unsafe usage of new Function(...) in the module that handles points format. Applications passing the 3rd parameter to the hull function without sanitising may be impacted. The vulnerability has been fixed in version 1.0.10, please update the library. Check project homepage on GitHub to see how to fetch the latest version: https://github.com/andriiheonia/hull?tab=readme-ov-file#npm-package

Severity

Critical

CVE ID

No known CVE

Weaknesses

No CWEs

Credits