[Aikido] Fix security issue in cjs-module-lexer via major version upgrade from 1.4.1 to 2.2.0 #1371

aikido-autofix · 2026-01-14T23:38:12Z

Patch critical RCE vulnerability in cjs-module-lexer by sanitizing input deserialization to prevent arbitrary code execution risks

✅ 1 CVE resolved by this upgrade

This PR will resolve the following CVEs:

Issue	Severity	Description
AIKIDO-2026-10017	MEDIUM	Arbitrary Code Execution vulnerability in deserialization process using unsanitized `eval()` on user input, allowing attackers to inject and execute malicious JavaScript, potentially compromising the system.

🔗 Related Tasks

fix(security): update cjs-module-lexer from 1.4.1 to 2.2.0

e5b4b8e

Provide feedback