GHSA-5w9c-rv96-fr7g – faker

Package

Manager: npm
Name: faker
Vulnerable Version: =6.6.6

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Removal of functional code in faker.js Faker.js helps users create large amounts of data for testing and development. The maintainer deliberately removed the functional code from this package. This appears to be a purposeful and successful attempt to make the package unusable. This is related to the colors.js [CVE-2021-23567](https://github.com/advisories/GHSA-gh88-3pxp-6fm8). The functional code for this package was forked and can be found [here](https://github.com/faker-js/faker).

Metadata

Created: 2022-03-22T19:28:24Z
Modified: 2022-03-22T20:33:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-5w9c-rv96-fr7g/GHSA-5w9c-rv96-fr7g.json
CWE IDs: []
Alternative ID: N/A
Finding: F117
Auto approve: 1