CVE-2022-21211: Unchecked Return Value

June 11, 2022 (updated June 17, 2022)

This affects all versions of package posix. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check.

References

github.com/advisories/GHSA-27mx-gchc-6xjp
nvd.nist.gov/vuln/detail/CVE-2022-21211
snyk.io/vuln/SNYK-JS-POSIX-2400719

Detect and mitigate CVE-2022-21211 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →