Vulnerabilities

 5 via 5 paths

Dependencies

 155

Source

 GitHub

Commit

 63de9659

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 2
  • 3
Status
  • 5
  • 0
  • 0

high severity

Improper Neutralization of Special Elements in Data Query Logic

  • Vulnerable module: mongoose
  • Introduced through: mongoose@5.13.23

Detailed paths

  • Introduced through: aiims-api@bitsaiims2017/api#63de965917a5e15e2a74d3c4a6a70d2755141556 mongoose@5.13.23
    Remediation: Upgrade to mongoose@6.13.5.

Overview

mongoose is a Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment.

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic due to the improper handling of $where in match queries. An attacker can manipulate search queries to inject malicious code.

Remediation

Upgrade mongoose to version 6.13.5, 7.8.3, 8.8.3 or higher.

References

Improper Neutralization of Special Elements in Data Query Logic vulnerability report

high severity

Improper Neutralization of Special Elements in Data Query Logic

  • Vulnerable module: mongoose
  • Introduced through: mongoose@5.13.23

Detailed paths

  • Introduced through: aiims-api@bitsaiims2017/api#63de965917a5e15e2a74d3c4a6a70d2755141556 mongoose@5.13.23
    Remediation: Upgrade to mongoose@6.13.6.

Overview

mongoose is a Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment.

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic due to the improper use of a $where filter in conjunction with the populate() match. An attacker can manipulate search queries to retrieve or alter information without proper authorization by injecting malicious input into the query.

Note: This vulnerability derives from an incomplete fix of CVE-2024-53900

Remediation

Upgrade mongoose to version 6.13.6, 7.8.4, 8.9.5 or higher.

References

Improper Neutralization of Special Elements in Data Query Logic vulnerability report

medium severity

Use of a Broken or Risky Cryptographic Algorithm

  • Vulnerable module: jsonwebtoken
  • Introduced through: jsonwebtoken@8.5.1

Detailed paths

  • Introduced through: aiims-api@bitsaiims2017/api#63de965917a5e15e2a74d3c4a6a70d2755141556 jsonwebtoken@8.5.1
    Remediation: Upgrade to jsonwebtoken@9.0.0.

Overview

jsonwebtoken is a JSON Web Token implementation (symmetric and asymmetric)

Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm such that the library can be misconfigured to use legacy, insecure key types for signature verification. For example, DSA keys could be used with the RS256 algorithm.

Exploitability

Users are affected when using an algorithm and a key type other than the combinations mentioned below:

EC: ES256, ES384, ES512

RSA: RS256, RS384, RS512, PS256, PS384, PS512

RSA-PSS: PS256, PS384, PS512

And for Elliptic Curve algorithms:

ES256: prime256v1

ES384: secp384r1

ES512: secp521r1

Workaround

Users who are unable to upgrade to the fixed version can use the allowInvalidAsymmetricKeyTypes option to true in the sign() and verify() functions to continue usage of invalid key type/algorithm combination in 9.0.0 for legacy compatibility.

Remediation

Upgrade jsonwebtoken to version 9.0.0 or higher.

References

Use of a Broken or Risky Cryptographic Algorithm vulnerability report

medium severity

Improper Restriction of Security Token Assignment

  • Vulnerable module: jsonwebtoken
  • Introduced through: jsonwebtoken@8.5.1

Detailed paths

  • Introduced through: aiims-api@bitsaiims2017/api#63de965917a5e15e2a74d3c4a6a70d2755141556 jsonwebtoken@8.5.1
    Remediation: Upgrade to jsonwebtoken@9.0.0.

Overview

jsonwebtoken is a JSON Web Token implementation (symmetric and asymmetric)

Affected versions of this package are vulnerable to Improper Restriction of Security Token Assignment via the secretOrPublicKey argument due to misconfigurations of the key retrieval function jwt.verify(). Exploiting this vulnerability might result in incorrect verification of forged tokens when tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm.

Note: This vulnerability affects your application if it supports the usage of both symmetric and asymmetric keys in jwt.verify() implementation with the same key retrieval function.

Remediation

Upgrade jsonwebtoken to version 9.0.0 or higher.

References

Improper Restriction of Security Token Assignment vulnerability report

medium severity

Improper Authentication

  • Vulnerable module: jsonwebtoken
  • Introduced through: jsonwebtoken@8.5.1

Detailed paths

  • Introduced through: aiims-api@bitsaiims2017/api#63de965917a5e15e2a74d3c4a6a70d2755141556 jsonwebtoken@8.5.1
    Remediation: Upgrade to jsonwebtoken@9.0.0.

Overview

jsonwebtoken is a JSON Web Token implementation (symmetric and asymmetric)

Affected versions of this package are vulnerable to Improper Authentication such that the lack of algorithm definition in the jwt.verify() function can lead to signature validation bypass due to defaulting to the none algorithm for signature verification.

Exploitability

Users are affected only if all of the following conditions are true for the jwt.verify() function:

  1. A token with no signature is received.

  2. No algorithms are specified.

  3. A falsy (e.g., null, false, undefined) secret or key is passed.

Remediation

Upgrade jsonwebtoken to version 9.0.0 or higher.

References

Improper Authentication vulnerability report