In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade realms-shim
to version 1.2.0 or higher.
realms-shim is a shim implementation of the Realm API Proposal.
Affected versions of this package are vulnerable to {{ affectedlibrary.vulnerability.title }}, which would allow the attacker to run arbitrary code.
The vulnerable paths:
Reflect.construct
can be used on the sandboxed Function constructor to reach the prototypes of the primal Realm. a = [...b, ...c]
, which could be modified by the confined code.