Description

Babel is a compiler for writing next generation JavaScript. In versions from 7.12.0 to before 7.29.4, and in 8.0.0 alpha releases before 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. This vulnerability is fixed in 7.29.4 and 8.0.0-alpha.13.

PUBLISHED Reserved 2026-05-07 | Published 2026-05-26 | Updated 2026-05-28 | Assigner GitHub_M

HIGH: 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Problem types

CWE-94: Improper Control of Generation of Code ('Code Injection')

CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

Product status

>= 7.12.0, < 7.29.4
affected

>= 8.0.0-alpha.0, < 8.0.0-alpha.13
affected

References

github.com/.../babel/security/advisories/GHSA-fv7c-fp4j-7gwp

cve.org (CVE-2026-44728)

nvd.nist.gov (CVE-2026-44728)