Vulnerabilities

 2 via 6 paths

Dependencies

 309

Source

 GitHub

Commit

 c859a349

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 1
  • 1
Status
  • 2
  • 0
  • 0

high severity
new

Infinite loop

  • Vulnerable module: brace-expansion
  • Introduced through: @oclif/core@3.27.0 and @salesforce/sf-plugins-core@5.0.13

Detailed paths

  • Introduced through: sf-chipps-data@ClayChipps/sf-chipps-data#c859a349b683c099c296b488bf8ea006a7bfd4a8 @oclif/core@3.27.0 minimatch@9.0.9 brace-expansion@2.0.3
    Remediation: Upgrade to @oclif/core@4.8.1.
  • Introduced through: sf-chipps-data@ClayChipps/sf-chipps-data#c859a349b683c099c296b488bf8ea006a7bfd4a8 @salesforce/sf-plugins-core@5.0.13 @oclif/core@3.27.0 minimatch@9.0.9 brace-expansion@2.0.3
    Remediation: Upgrade to @salesforce/sf-plugins-core@10.0.0.
  • Introduced through: sf-chipps-data@ClayChipps/sf-chipps-data#c859a349b683c099c296b488bf8ea006a7bfd4a8 @oclif/core@3.27.0 ejs@3.1.10 jake@10.9.4 filelist@1.0.6 minimatch@5.1.9 brace-expansion@2.0.3
  • Introduced through: sf-chipps-data@ClayChipps/sf-chipps-data#c859a349b683c099c296b488bf8ea006a7bfd4a8 @salesforce/sf-plugins-core@5.0.13 @oclif/core@3.27.0 ejs@3.1.10 jake@10.9.4 filelist@1.0.6 minimatch@5.1.9 brace-expansion@2.0.3

Overview

brace-expansion is a Brace expansion as known from sh/bash

Affected versions of this package are vulnerable to Infinite loop through the expand function when processing a brace pattern with a zero step value. An attacker can cause the process to hang and exhaust system memory by supplying specially crafted input, such as {1..2..0}. This can lead to significant resource consumption and denial of service.

Workaround

This vulnerability can be mitigated by sanitizing strings passed to expand to ensure a step value of 0 is not used.

Remediation

Upgrade brace-expansion to version 5.0.5 or higher.

References

Infinite loop vulnerability report

medium severity

Symlink Attack

  • Vulnerable module: tmp
  • Introduced through: @salesforce/core@6.7.6 and @salesforce/sf-plugins-core@5.0.13

Detailed paths

  • Introduced through: sf-chipps-data@ClayChipps/sf-chipps-data#c859a349b683c099c296b488bf8ea006a7bfd4a8 @salesforce/core@6.7.6 jsforce@2.0.0-beta.29 inquirer@7.3.3 external-editor@3.1.0 tmp@0.0.33
  • Introduced through: sf-chipps-data@ClayChipps/sf-chipps-data#c859a349b683c099c296b488bf8ea006a7bfd4a8 @salesforce/sf-plugins-core@5.0.13 @salesforce/core@6.7.6 jsforce@2.0.0-beta.29 inquirer@7.3.3 external-editor@3.1.0 tmp@0.0.33

Overview

Affected versions of this package are vulnerable to Symlink Attack via the dir parameter. An attacker can cause files or directories to be written to arbitrary locations by supplying a crafted symbolic link that resolves outside the intended temporary directory.

PoC

const tmp = require('tmp');

const tmpobj = tmp.fileSync({ 'dir': 'evil-dir'});
console.log('File: ', tmpobj.name);

try {
    tmp.fileSync({ 'dir': 'mydir1'});
} catch (err) {
    console.log('test 1:', err.message)
}

try {
    tmp.fileSync({ 'dir': '/foo'});
} catch (err) {
    console.log('test 2:', err.message)
}

try {
    const fs = require('node:fs');
    const resolved = fs.realpathSync('/tmp/evil-dir');
    tmp.fileSync({ 'dir': resolved});
} catch (err) {
    console.log('test 3:', err.message)
}

Remediation

Upgrade tmp to version 0.2.4 or higher.

References

Symlink Attack vulnerability report