org.webjars.npm:piscina@5.0.0-alpha.2

  • latest version

    5.0.0-alpha.2

  • first published

    7 months ago

  • latest version published

    7 months ago

  • licenses detected

    • [5.0.0-alpha.2,)
  • package registry

  • Direct Vulnerabilities

    Known vulnerabilities in the org.webjars.npm:piscina package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • C
    Prototype Pollution

    org.webjars.npm:piscina is an A fast, efficient Node.js Worker Thread Pool implementation

    Affected versions of this package are vulnerable to Prototype Pollution via the options.filename property in the constructor and run function. An attacker can execute arbitrary code and gain control over worker threads by polluting Object.prototype.filename upstream and providing a path to a malicious .mjs file. This allows the attacker to read sensitive application data and manipulate return values by hijacking every call to the worker pool across the process. This is only exploitable if an upstream prototype pollution source exists in the process and the attacker can place a controllable .mjs file at a known filesystem path.

    How to fix Prototype Pollution?

    There is no fixed version for org.webjars.npm:piscina.

    [0,)