Flowise icon indicating copy to clipboard operation
Flowise copied to clipboard
Published 1 month ago verified publisher icon FlowiseAI

Critical vulnerabilities related to the vm2 package and its usage within the flowise-components package.

Open jbinnscornick opened this issue 2 years ago • 1 comments

npm audit report

vm2 * Severity: critical vm2 Sandbox Escape vulnerability - https://github.com/advisories/GHSA-cchq-frgv-rjh5 vm2 Sandbox Escape vulnerability - https://github.com/advisories/GHSA-g644-9gfx-q4q4 No fix available node_modules/vm2 flowise-components >=1.2.14 Depends on vulnerable versions of vm2 node_modules/flowise-components

2 critical severity vulnerabilities

To address issues that do not require attention, run: npm audit fix

Some issues need review, and may require choosing a different dependency.

jbinnscornick avatar Aug 30 '23 06:08 jbinnscornick

Do you know when this will be fixed?

PythonbergIT avatar Aug 02 '24 05:08 PythonbergIT