CVE-2022-21211 – posix
Package
Manager: npm
Name: posix
Vulnerable Version: >=0 <=4.2.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00411 (percentile 0.60611)
Details
Unhandled crash in npm posix. This affects all versions of the package posix. When the toString method is invoked, it falls back to a 0x0 value, because the value of toString is not invokable (not a function), and it then crashes with a type-check.
Metadata
Created: 2022-06-11T00:00:17Z
Modified: 2022-06-17T00:40:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-27mx-gchc-6xjp/GHSA-27mx-gchc-6xjp.json
CWE IDs: ["CWE-252"]
Alternative ID: GHSA-27mx-gchc-6xjp
Finding: F184
Auto approve: 1