Vulnerabilities

 8 via 8 paths

Dependencies

 173

Source

 GitHub

Commit

 36ae7a39

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 3
  • 5
Status
  • 8
  • 0
  • 0

high severity

Improper Neutralization of Special Elements in Data Query Logic

  • Vulnerable module: mongoose
  • Introduced through: mongoose@5.13.23

Detailed paths

  • Introduced through: ehr-service@haniot/ehr#36ae7a39ace1ac29ffc47ad42d0e16d70b1060ee mongoose@5.13.23
    Remediation: Upgrade to mongoose@6.13.5.

Overview

mongoose is a Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment.

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic due to the improper handling of $where in match queries. An attacker can manipulate search queries to inject malicious code.

Remediation

Upgrade mongoose to version 6.13.5, 7.8.3, 8.8.3 or higher.

References

Improper Neutralization of Special Elements in Data Query Logic vulnerability report

high severity

Improper Neutralization of Special Elements in Data Query Logic

  • Vulnerable module: mongoose
  • Introduced through: mongoose@5.13.23

Detailed paths

  • Introduced through: ehr-service@haniot/ehr#36ae7a39ace1ac29ffc47ad42d0e16d70b1060ee mongoose@5.13.23
    Remediation: Upgrade to mongoose@6.13.6.

Overview

mongoose is a Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment.

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic due to the improper use of a $where filter in conjunction with the populate() match. An attacker can manipulate search queries to retrieve or alter information without proper authorization by injecting malicious input into the query.

Note: This vulnerability derives from an incomplete fix of CVE-2024-53900

Remediation

Upgrade mongoose to version 6.13.6, 7.8.4, 8.9.5 or higher.

References

Improper Neutralization of Special Elements in Data Query Logic vulnerability report

high severity

Improper Input Validation

  • Vulnerable module: url-parse
  • Introduced through: amqp-client-node@1.0.11

Detailed paths

  • Introduced through: ehr-service@haniot/ehr#36ae7a39ace1ac29ffc47ad42d0e16d70b1060ee amqp-client-node@1.0.11 amqplib@0.5.6 url-parse@1.4.7

Overview

url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

Affected versions of this package are vulnerable to Improper Input Validation due to improper fix of CVE-2020-8124 , it is possible to be exploited via the \b (backspace) character.

PoC:

const parse = require('./index.js')

url = parse('\bhttp://google.com')

console.log(url)

Output:

{
  slashes: false,
  protocol: '',
  hash: '',
  query: '',
  pathname: '\bhttp://google.com',
  auth: '',
  host: '',
  port: '',
  hostname: '',
  password: '',
  username: '',
  origin: 'null',
  href: '\bhttp://google.com'
}

Remediation

Upgrade url-parse to version 1.5.9 or higher.

References

Improper Input Validation vulnerability report

medium severity

Access Restriction Bypass

  • Vulnerable module: url-parse
  • Introduced through: amqp-client-node@1.0.11

Detailed paths

  • Introduced through: ehr-service@haniot/ehr#36ae7a39ace1ac29ffc47ad42d0e16d70b1060ee amqp-client-node@1.0.11 amqplib@0.5.6 url-parse@1.4.7

Overview

url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

Affected versions of this package are vulnerable to Access Restriction Bypass due to improper parsing process, that may lead to incorrect handling of authentication credentials and hostname, which allows bypass of hostname validation.

PoC:

// PoC.js
 var parse = require('url-parse')
var cc=parse("http://admin:password123@@127.0.0.1")

//Output:
{ slashes: true,
  protocol: 'http:',
  hash: '',
  query: '',
  pathname: '/',
  auth: 'admin:password123',
  host: '@127.0.0.1',
  port: '',
  hostname: '@127.0.0.1',
  password: 'password123',
  username: 'admin',
  origin: 'http://@127.0.0.1',
  href: 'http://admin:password123@@127.0.0.1/' }

Remediation

Upgrade url-parse to version 1.5.6 or higher.

References

Access Restriction Bypass vulnerability report

medium severity

Authorization Bypass

  • Vulnerable module: url-parse
  • Introduced through: amqp-client-node@1.0.11

Detailed paths

  • Introduced through: ehr-service@haniot/ehr#36ae7a39ace1ac29ffc47ad42d0e16d70b1060ee amqp-client-node@1.0.11 amqplib@0.5.6 url-parse@1.4.7

Overview

url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

Affected versions of this package are vulnerable to Authorization Bypass via the hostname field of a parsed URL, because "url-parse" is unable to find the correct hostname when no port number is provided in the URL.

PoC:

var Url = require('url-parse');
var PAYLOAD = "http://example.com:";

console.log(Url(PAYLOAD));

// Expected hostname: example.com
// Actual hostname by url-parse: example.com:

Output:

{
  slashes: true,
  protocol: 'http:',
  hash: '',
  query: '',
  pathname: '/',
  auth: '',
  host: 'example.com:',
  port: '',
  hostname: 'example.com:',
  password: '',
  username: '',
  origin: 'http://example.com:',
  href: 'http://example.com:/'
}

Remediation

Upgrade url-parse to version 1.5.8 or higher.

References

Authorization Bypass vulnerability report

medium severity

Authorization Bypass Through User-Controlled Key

  • Vulnerable module: url-parse
  • Introduced through: amqp-client-node@1.0.11

Detailed paths

  • Introduced through: ehr-service@haniot/ehr#36ae7a39ace1ac29ffc47ad42d0e16d70b1060ee amqp-client-node@1.0.11 amqplib@0.5.6 url-parse@1.4.7

Overview

url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to incorrect conversion of @ in the protocol field of the HREF.

PoC:

parse = require('url-parse')

console.log(parse("http:@/127.0.0.1"))

Output:

{
  slashes: true,
  protocol: 'http:',
  hash: '',
  query: '',
  pathname: '/127.0.0.1',
  auth: '',
  host: '',
  port: '',
  hostname: '',
  password: '',
  username: '',
  origin: 'null',
  href: 'http:///127.0.0.1'
}

Remediation

Upgrade url-parse to version 1.5.7 or higher.

References

Authorization Bypass Through User-Controlled Key vulnerability report

medium severity

Improper Input Validation

  • Vulnerable module: url-parse
  • Introduced through: amqp-client-node@1.0.11

Detailed paths

  • Introduced through: ehr-service@haniot/ehr#36ae7a39ace1ac29ffc47ad42d0e16d70b1060ee amqp-client-node@1.0.11 amqplib@0.5.6 url-parse@1.4.7

Overview

url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

Affected versions of this package are vulnerable to Improper Input Validation. It mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.

Remediation

Upgrade url-parse to version 1.5.0 or higher.

References

Improper Input Validation vulnerability report

medium severity

Open Redirect

  • Vulnerable module: url-parse
  • Introduced through: amqp-client-node@1.0.11

Detailed paths

  • Introduced through: ehr-service@haniot/ehr#36ae7a39ace1ac29ffc47ad42d0e16d70b1060ee amqp-client-node@1.0.11 amqplib@0.5.6 url-parse@1.4.7

Overview

url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

Affected versions of this package are vulnerable to Open Redirect due to improper escaping of slash characters.

Remediation

Upgrade url-parse to version 1.5.2 or higher.

References

Open Redirect vulnerability report