Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🐛 [BUG] - critical security problems from vm2 #98

Closed
ymw0407 opened this issue Sep 30, 2023 · 1 comment · Fixed by #99
Closed

🐛 [BUG] - critical security problems from vm2 #98

ymw0407 opened this issue Sep 30, 2023 · 1 comment · Fixed by #99
Assignees
@ymw0407
Labels
bug Something isn't working security
Milestone
1.0.1

Comments

@ymw0407
Copy link
Member

ymw0407 commented Sep 30, 2023

Browsers

Firefox, Chrome, Safari, Microsoft Edge, Opera

OS

Windows, Linux, Mac

Description

As dependabot told us, vm2 has a fatal problem. Therefore, starting with the vm2 module in question, the nestjs-modules/mailer@^1.9.1 module must also be replaced/modified.
dependabot이 알려준 것과 같이 vm2에는 치명적인 문제가 있다고 합니다. 따라서 문제가 있는 vm2 모듈부터 nestjs-modules/mailer@^1.9.1 모듈도 대체/수정해야합니다.

TooTallNate/proxy-agents#240
TooTallNate/proxy-agents#224

As in Issue and Pull-Request above, vm2 used in proxy-agent's degenerator module has been removed. Therefore, it seems that the re-installation will solve the problem.
위의 Issue와 Pull-Request와 같이 proxy-agent의 degenerator 모듈에서 사용되었던 vm2가 제거가 되었다고 합니다. 따라서 재설치를 진행한다면 해당 문제가 해결될 것으로 보입니다.

Reproduction URL

https://github.com/AgainIoT/Open-Set-Go_server/security/dependabot/5

Reproduction Steps

https://github.com/AgainIoT/Open-Set-Go_server/security/dependabot/5

Solutions

https://github.com/TooTallNate/proxy-agents/issues/240
https://github.com/TooTallNate/proxy-agents/pull/224

As in Issue and Pull-Request above, vm2 used in proxy-agent's degenerator module has been removed. Therefore, it seems that the re-installation will solve the problem.
위의 Issue와 Pull-Request와 같이 proxy-agent의 degenerator 모듈에서 사용되었던 vm2가 제거가 되었다고 합니다. 따라서 재설치를 진행한다면 해당 문제가 해결될 것으로 보입니다.

Screenshots

No response
@ymw0407 ymw0407 added bug Something isn't working security labels Sep 30, 2023
@ymw0407 ymw0407 self-assigned this Sep 30, 2023
@ymw0407 ymw0407 changed the title 🐛 [BUG] - Security problems from vm2 🐛 [BUG] - critical security problems from vm2 Sep 30, 2023
@ymw0407
Copy link
Member Author

ymw0407 commented Sep 30, 2023

I can find solution from this issue
nest-modules/mailer#723

ymw0407 added a commit that referenced this issue Sep 30, 2023
@ymw0407
Fix : resolve vm2 module's critical security problems #98
db70bab 
- package.json has been changed(resolutions added)
- vm2 modules removed from yarn.lock

Signed-off-by: ymw0407 <[email protected]>
@ymw0407 ymw0407 linked a pull request Sep 30, 2023 that will close this issue
Fix : resolve vm2 module's critical security problems #98 #99
Merged
11 tasks
@ymw0407 ymw0407 mentioned this issue Sep 30, 2023
Merged
11 tasks
@ymw0407 ymw0407 added this to the 1.0.1 milestone Sep 30, 2023
ymw0407 added a commit that referenced this issue Sep 30, 2023
@ymw0407
Merge pull request #99 from AgainIoT/feature/98
e01e51d 
Fix : resolve vm2 module's critical security problems #98
@ymw0407 ymw0407 mentioned this issue Oct 6, 2023
Merged
11 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ymw0407 ymw0407

Labels
bug Something isn't working security
Projects
None yet
Milestone
1.0.1
Development

Successfully merging a pull request may close this issue.

Fix : resolve vm2 module's critical security problems #98 AgainIoT/Open-Set-Go_server
1 participant
@ymw0407