Vulnerabilities: 1 via 1 paths
Dependencies: 62
Source: GitHub
Commit: 2286e483


high severity

Code Injection

  • Vulnerable module: lodash.template
  • Introduced through: run-sequence@1.2.2

Detailed paths

  • Introduced through: laravel-boilerplate@etchteam/laravel-boilerplate#2286e483e6fb757eceaed4d651db0ed567e7ce52 > run-sequence@1.2.2 > gulp-util@3.0.8 > lodash.template@3.6.2

Overview

lodash.template is the Lodash method _.template exported as a Node.js module.

Affected versions of this package are vulnerable to Code Injection via template.

PoC

var _ = require('lodash');

_.template('', { variable: '){console.log(process.env)}; with(obj' })()

Remediation

There is no fixed version for lodash.template.
