haniot/account
Find, fix and prevent vulnerabilities in your code.
high severity
- Vulnerable module: mongoose
- Introduced through: mongoose@5.13.23
Detailed paths
-
Introduced through: account-service@haniot/account#2d364a7908529eab61689f65332986cf4298a397 › mongoose@5.13.23Remediation: Upgrade to mongoose@6.13.5.
Overview
mongoose is a Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment.
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic due to the improper handling of $where in match queries. An attacker can manipulate search queries to inject malicious code.
Remediation
Upgrade mongoose to version 6.13.5, 7.8.3, 8.8.3 or higher.
References
high severity
- Vulnerable module: mongoose
- Introduced through: mongoose@5.13.23
Detailed paths
-
Introduced through: account-service@haniot/account#2d364a7908529eab61689f65332986cf4298a397 › mongoose@5.13.23Remediation: Upgrade to mongoose@6.13.6.
Overview
mongoose is a Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment.
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic due to the improper use of a $where filter in conjunction with the populate() match. An attacker can manipulate search queries to retrieve or alter information without proper authorization by injecting malicious input into the query.
Note: This vulnerability derives from an incomplete fix of CVE-2024-53900
Remediation
Upgrade mongoose to version 6.13.6, 7.8.4, 8.9.5 or higher.
References
high severity
- Vulnerable module: url-parse
- Introduced through: amqp-client-node@1.0.11
Detailed paths
-
Introduced through: account-service@haniot/account#2d364a7908529eab61689f65332986cf4298a397 › amqp-client-node@1.0.11 › amqplib@0.5.6 › url-parse@1.4.7
Overview
url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.
Affected versions of this package are vulnerable to Improper Input Validation due to improper fix of CVE-2020-8124 , it is possible to be exploited via the \b (backspace) character.
PoC:
const parse = require('./index.js')
url = parse('\bhttp://google.com')
console.log(url)
Output:
{
slashes: false,
protocol: '',
hash: '',
query: '',
pathname: '\bhttp://google.com',
auth: '',
host: '',
port: '',
hostname: '',
password: '',
username: '',
origin: 'null',
href: '\bhttp://google.com'
}
Remediation
Upgrade url-parse to version 1.5.9 or higher.
References
medium severity
- Vulnerable module: jsonwebtoken
- Introduced through: jsonwebtoken@8.5.1
Detailed paths
-
Introduced through: account-service@haniot/account#2d364a7908529eab61689f65332986cf4298a397 › jsonwebtoken@8.5.1Remediation: Upgrade to jsonwebtoken@9.0.0.
Overview
jsonwebtoken is a JSON Web Token implementation (symmetric and asymmetric)
Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm such that the library can be misconfigured to use legacy, insecure key types for signature verification. For example, DSA keys could be used with the RS256 algorithm.
Exploitability
Users are affected when using an algorithm and a key type other than the combinations mentioned below:
EC: ES256, ES384, ES512
RSA: RS256, RS384, RS512, PS256, PS384, PS512
RSA-PSS: PS256, PS384, PS512
And for Elliptic Curve algorithms:
ES256: prime256v1
ES384: secp384r1
ES512: secp521r1
Workaround
Users who are unable to upgrade to the fixed version can use the allowInvalidAsymmetricKeyTypes option to true in the sign() and verify() functions to continue usage of invalid key type/algorithm combination in 9.0.0 for legacy compatibility.
Remediation
Upgrade jsonwebtoken to version 9.0.0 or higher.
References
medium severity
- Vulnerable module: jsonwebtoken
- Introduced through: jsonwebtoken@8.5.1
Detailed paths
-
Introduced through: account-service@haniot/account#2d364a7908529eab61689f65332986cf4298a397 › jsonwebtoken@8.5.1Remediation: Upgrade to jsonwebtoken@9.0.0.
Overview
jsonwebtoken is a JSON Web Token implementation (symmetric and asymmetric)
Affected versions of this package are vulnerable to Improper Restriction of Security Token Assignment via the secretOrPublicKey argument due to misconfigurations of the key retrieval function jwt.verify(). Exploiting this vulnerability might result in incorrect verification of forged tokens when tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm.
Note:
This vulnerability affects your application if it supports the usage of both symmetric and asymmetric keys in jwt.verify() implementation with the same key retrieval function.
Remediation
Upgrade jsonwebtoken to version 9.0.0 or higher.
References
medium severity
- Vulnerable module: jsonwebtoken
- Introduced through: jsonwebtoken@8.5.1
Detailed paths
-
Introduced through: account-service@haniot/account#2d364a7908529eab61689f65332986cf4298a397 › jsonwebtoken@8.5.1Remediation: Upgrade to jsonwebtoken@9.0.0.
Overview
jsonwebtoken is a JSON Web Token implementation (symmetric and asymmetric)
Affected versions of this package are vulnerable to Improper Authentication such that the lack of algorithm definition in the jwt.verify() function can lead to signature validation bypass due to defaulting to the none algorithm for signature verification.
Exploitability
Users are affected only if all of the following conditions are true for the jwt.verify() function:
A token with no signature is received.
No algorithms are specified.
A falsy (e.g.,
null,false,undefined) secret or key is passed.
Remediation
Upgrade jsonwebtoken to version 9.0.0 or higher.
References
medium severity
- Vulnerable module: url-parse
- Introduced through: amqp-client-node@1.0.11
Detailed paths
-
Introduced through: account-service@haniot/account#2d364a7908529eab61689f65332986cf4298a397 › amqp-client-node@1.0.11 › amqplib@0.5.6 › url-parse@1.4.7
Overview
url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.
Affected versions of this package are vulnerable to Access Restriction Bypass due to improper parsing process, that may lead to incorrect handling of authentication credentials and hostname, which allows bypass of hostname validation.
PoC:
// PoC.js
var parse = require('url-parse')
var cc=parse("http://admin:password123@@127.0.0.1")
//Output:
{ slashes: true,
protocol: 'http:',
hash: '',
query: '',
pathname: '/',
auth: 'admin:password123',
host: '@127.0.0.1',
port: '',
hostname: '@127.0.0.1',
password: 'password123',
username: 'admin',
origin: 'http://@127.0.0.1',
href: 'http://admin:password123@@127.0.0.1/' }
Remediation
Upgrade url-parse to version 1.5.6 or higher.
References
medium severity
- Vulnerable module: url-parse
- Introduced through: amqp-client-node@1.0.11
Detailed paths
-
Introduced through: account-service@haniot/account#2d364a7908529eab61689f65332986cf4298a397 › amqp-client-node@1.0.11 › amqplib@0.5.6 › url-parse@1.4.7
Overview
url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.
Affected versions of this package are vulnerable to Authorization Bypass via the hostname field of a parsed URL, because "url-parse" is unable to find the correct hostname when no port number is provided in the URL.
PoC:
var Url = require('url-parse');
var PAYLOAD = "http://example.com:";
console.log(Url(PAYLOAD));
// Expected hostname: example.com
// Actual hostname by url-parse: example.com:
Output:
{
slashes: true,
protocol: 'http:',
hash: '',
query: '',
pathname: '/',
auth: '',
host: 'example.com:',
port: '',
hostname: 'example.com:',
password: '',
username: '',
origin: 'http://example.com:',
href: 'http://example.com:/'
}
Remediation
Upgrade url-parse to version 1.5.8 or higher.
References
medium severity
- Vulnerable module: url-parse
- Introduced through: amqp-client-node@1.0.11
Detailed paths
-
Introduced through: account-service@haniot/account#2d364a7908529eab61689f65332986cf4298a397 › amqp-client-node@1.0.11 › amqplib@0.5.6 › url-parse@1.4.7
Overview
url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.
Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to incorrect conversion of @ in the protocol field of the HREF.
PoC:
parse = require('url-parse')
console.log(parse("http:@/127.0.0.1"))
Output:
{
slashes: true,
protocol: 'http:',
hash: '',
query: '',
pathname: '/127.0.0.1',
auth: '',
host: '',
port: '',
hostname: '',
password: '',
username: '',
origin: 'null',
href: 'http:///127.0.0.1'
}
Remediation
Upgrade url-parse to version 1.5.7 or higher.
References
medium severity
- Vulnerable module: url-parse
- Introduced through: amqp-client-node@1.0.11
Detailed paths
-
Introduced through: account-service@haniot/account#2d364a7908529eab61689f65332986cf4298a397 › amqp-client-node@1.0.11 › amqplib@0.5.6 › url-parse@1.4.7
Overview
url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.
Affected versions of this package are vulnerable to Improper Input Validation. It mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
Remediation
Upgrade url-parse to version 1.5.0 or higher.
References
medium severity
- Vulnerable module: url-parse
- Introduced through: amqp-client-node@1.0.11
Detailed paths
-
Introduced through: account-service@haniot/account#2d364a7908529eab61689f65332986cf4298a397 › amqp-client-node@1.0.11 › amqplib@0.5.6 › url-parse@1.4.7
Overview
url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.
Affected versions of this package are vulnerable to Open Redirect due to improper escaping of slash characters.
Remediation
Upgrade url-parse to version 1.5.2 or higher.