GHSA-qmmm-73r2-f8xr: @hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE
This attack gives an attacker arbitrary command execution on the machine of a victim Hoppscotch CLI user. For the attack to succeed, an attacker has to lure the victim into downloading a malicious Hoppscotch collection and running it with the Hoppscotch CLI.
This issue does not impact Hoppscotch Web or Desktop, as they use the safe web worker sandboxing approach.
References
Detect and mitigate GHSA-qmmm-73r2-f8xr with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →