CVE-2023-45133
Babel is a compiler for writing JavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the path.evaluate() or path.evaluateTruthy() internal Babel methods.
We grepped the entire repo to see if there is any code that uses babel/traverse, and found that only package-lock.json contains the dependencies; there is no place for it in the ./src code.
Could anyone confirm whether the presence of babel/traverse would still expose our project to this vulnerability? If so, what steps would be recommended to mitigate this risk?
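One way to see which lockfile entries fall inside the affected ranges quoted above, as an added example (not code from this issue or from the Babel project). It assumes a lockfileVersion 2 or 3 package-lock.json with a `packages` map; the function names and the sample lockfile are hypothetical.

```javascript
// Added example: audit a parsed package-lock.json for CVE-2023-45133.
// Version bounds are the ones quoted in the issue; names are hypothetical.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v);
  if (!m) return null;
  return { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] || null };
}

// True when the installed package/version is in the affected range.
function isAffected(name, version) {
  if (name === "babel-traverse") return true; // all versions are affected
  if (name !== "@babel/traverse") return false;
  const v = parseVersion(version);
  if (!v) return true; // no parseable version (e.g. a link): review by hand
  if (v.major < 7) return true;
  if (v.major === 7) return v.minor < 23 || (v.minor === 23 && v.patch < 2);
  if (v.major === 8 && v.minor === 0 && v.patch === 0 && v.pre) {
    const a = /^alpha\.(\d+)$/.exec(v.pre);
    return a ? +a[1] < 4 : false; // 8.0.0-alpha.0 .. alpha.3
  }
  return false;
}

// Walk the "packages" map; nested copies under other packages are included.
function findAffected(lock) {
  const hits = [];
  for (const [path, info] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf("node_modules/");
    if (i === -1) continue; // root project or workspace entry
    const name = path.slice(i + "node_modules/".length);
    if (isAffected(name, info.version)) {
      // dev === true means npm installs it only as a development dependency
      hits.push({ path, version: info.version, dev: info.dev === true });
    }
  }
  return hits;
}

// Constructed sample lockfile, not taken from any real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo", version: "1.0.0" },
    "node_modules/@babel/traverse": { version: "7.22.5", dev: true },
    "node_modules/jest/node_modules/@babel/traverse": { version: "7.23.2", dev: true },
    "node_modules/babel-traverse": { version: "6.26.0" },
  },
};
console.log(findAffected(sampleLock));
```

To run it against a real project, replace `sampleLock` with `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))`.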