npm package
replicator
pkg:npm/replicator
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-2265 | Med | 6.5 | <= 1.0.5 | — | Apr 1, 2026 | An unauthenticated remote code execution (RCE) vulnerability exists in applications that use the Replicator node package manager (npm) version 1.0.5 to deserialize untrusted user input and execute the resulting object. | |
| CVE-2021-33420 | — | < 1.0.4 | 1.0.4 | Dec 15, 2022 | A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object. |
- affected <= 1.0.5
An unauthenticated remote code execution (RCE) vulnerability exists in applications that use the Replicator node package manager (npm) version 1.0.5 to deserialize untrusted user input and execute the resulting object.
- CVE-2021-33420Dec 15, 2022affected < 1.0.4fixed 1.0.4
A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object.