Remote Code Execution in npm-groovy-lint
Critical severity
GitHub Reviewed: Dec 20, 2021
Published to the GitHub Advisory Database: Dec 20, 2021
Last updated: Jan 11, 2023
Description
Versions of npm-groovy-lint prior to 9.1.0 bundle vulnerable versions of the Log4j library, which are subject to remote code execution via JNDI rendering. As a result, npm-groovy-lint prior to 9.1.0 is also vulnerable.
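One way to check a project for the affected range stated above, as an added example (not part of the advisory or the npm-groovy-lint project). It assumes npm's `package-lock.json` layout; the `some-tool` package and both sample lockfiles are constructed.

```javascript
// Added example: find npm-groovy-lint entries older than 9.1.0 in a parsed package-lock.json.
const PKG = "npm-groovy-lint";
const FIXED = [9, 1, 0]; // first unaffected version, per the advisory text

// Returns "affected", "fixed", or "unknown" (needs manual review, e.g. a git URL).
function classify(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(version).trim());
  if (!m) return "unknown";
  const nums = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (nums[i] !== FIXED[i]) return nums[i] < FIXED[i] ? "affected" : "fixed";
  }
  return m[4] ? "unknown" : "fixed"; // a 9.1.0 prerelease sorts before 9.1.0: review by hand
}

function findAffected(lock) {
  const hits = [];
  const check = (where, version) => {
    const status = classify(version);
    if (status !== "fixed") hits.push({ where, version, status });
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path, nested copies included
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === `node_modules/${PKG}` || path.endsWith(`/node_modules/${PKG}`)) check(path, meta.version);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const here = trail.concat(name);
        if (name === PKG) check(here.join(" > "), meta.version);
        walk(meta.dependencies, here);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample lockfiles (not real project data).
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "demo" },
  "node_modules/npm-groovy-lint": { version: "9.1.0" },
  "node_modules/some-tool/node_modules/npm-groovy-lint": { version: "8.2.0" } } };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  "some-tool": { version: "1.0.0", dependencies: { "npm-groovy-lint": { version: "9.0.1" } } } } };

console.log(findAffected(sampleV3), findAffected(sampleV1));
```

For a real project, pass `findAffected` the result of `JSON.parse` on the lockfile contents; transitive copies pulled in by other packages are reported alongside direct dependencies.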