GHSA-q849-wxrc-vqrp: hull.js Code Injection Vulnerability
Versions of the library from 0.2.2 to 1.0.9 are vulnerable to the arbitrary code execution due to unsafe usage of new Function(...)
in the module that handles points format. Applications passing the 3rd parameter to the hull
function without sanitising may be impacted. The vulnerability has been fixed in version 1.0.10, please update the library. Check project homepage on GitHub to see how to fetch the latest version: https://github.com/andriiheonia/hull?tab=readme-ov-file#npm-package
References
Detect and mitigate GHSA-q849-wxrc-vqrp with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →