Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
25 May 2022
22 May 2022
Introduced: 22 May 2022CWE-416 Open this link in a new tab
How to fix?
neon to version 0.10.1 or higher.
neon is a Rust bindings for writing safe and fast native Node.js modules.
Affected versions of this package are vulnerable to Use After Free as the
JsArrayBuffer::external and ``JsBuffer::external
methods did not requireT: 'static