@thi.ng/egf@0.3.3 vulnerabilities

Extensible Graph Format

Direct Vulnerabilities

Known vulnerabilities in the @thi.ng/egf package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
Arbitrary Code Execution

@thi.ng/egf is an Extensible Graph Format

Affected versions of this package are vulnerable to Arbitrary Code Execution via gpg-tagged property values, but only if the decrypt: true option is enabled. By default, the EGF parse functions do not attempt to decrypt values (since GPG is only available in a non-browser environment).

How to fix Arbitrary Code Execution?

Upgrade @thi.ng/egf to version 0.4.0 or higher.
