Vulnerabilities |
9 via 9 paths |
|---|---|
Dependencies |
174 |
Source |
GitHub |
Find, fix and prevent vulnerabilities in your code.
high severity
- Vulnerable module: mongoose
- Introduced through: mongoose@5.13.23
Detailed paths
-
Introduced through: ehr-service@haniot/ehr › mongoose@5.13.23Remediation: Upgrade to mongoose@6.13.5.
Overview
mongoose is a Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment.
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic due to the improper handling of $where in match queries. An attacker can manipulate search queries to inject malicious code.
Remediation
Upgrade mongoose to version 6.13.5, 7.8.3, 8.8.3 or higher.
References
high severity
- Vulnerable module: mongoose
- Introduced through: mongoose@5.13.23
Detailed paths
-
Introduced through: ehr-service@haniot/ehr › mongoose@5.13.23Remediation: Upgrade to mongoose@6.13.6.
Overview
mongoose is a Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment.
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic due to the improper use of a $where filter in conjunction with the populate() match. An attacker can manipulate search queries to retrieve or alter information without proper authorization by injecting malicious input into the query.
Note: This vulnerability derives from an incomplete fix of CVE-2024-53900
Remediation
Upgrade mongoose to version 6.13.6, 7.8.4, 8.9.5 or higher.
References
high severity
new
- Vulnerable module: mongoose
- Introduced through: mongoose@5.13.23
Detailed paths
-
Introduced through: ehr-service@haniot/ehr › mongoose@5.13.23Remediation: Upgrade to mongoose@6.13.9.
Overview
mongoose is a Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment.
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in the sanitizeFilter function. An attacker can gain unauthorized access to sensitive data by injecting malicious query operators inside a $nor clause when user-controlled input is passed directly into query methods.
Note: This is only exploitable if the application explicitly enables the sanitization feature and passes unsanitized user input directly into query methods without additional input validation.
Workaround
This vulnerability can be mitigated by deleting $nor keys from user input, using an additional schema validation library, or writing middleware to strip out $nor from query filters.
Remediation
Upgrade mongoose to version 6.13.9, 7.8.9, 8.22.1, 9.1.6 or higher.
References
high severity
- Vulnerable module: url-parse
- Introduced through: amqp-client-node@1.0.11
Detailed paths
-
Introduced through: ehr-service@haniot/ehr › amqp-client-node@1.0.11 › amqplib@0.5.6 › url-parse@1.4.7
Overview
url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.
Affected versions of this package are vulnerable to Improper Input Validation due to improper fix of CVE-2020-8124 , it is possible to be exploited via the \b (backspace) character.
PoC:
const parse = require('./index.js')
url = parse('\bhttp://google.com')
console.log(url)
Output:
{
slashes: false,
protocol: '',
hash: '',
query: '',
pathname: '\bhttp://google.com',
auth: '',
host: '',
port: '',
hostname: '',
password: '',
username: '',
origin: 'null',
href: '\bhttp://google.com'
}
Remediation
Upgrade url-parse to version 1.5.9 or higher.
References
medium severity
- Vulnerable module: url-parse
- Introduced through: amqp-client-node@1.0.11
Detailed paths
-
Introduced through: ehr-service@haniot/ehr › amqp-client-node@1.0.11 › amqplib@0.5.6 › url-parse@1.4.7
Overview
url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.
Affected versions of this package are vulnerable to Access Restriction Bypass due to improper parsing process, that may lead to incorrect handling of authentication credentials and hostname, which allows bypass of hostname validation.
PoC:
// PoC.js
var parse = require('url-parse')
var cc=parse("http://admin:password123@@127.0.0.1")
//Output:
{ slashes: true,
protocol: 'http:',
hash: '',
query: '',
pathname: '/',
auth: 'admin:password123',
host: '@127.0.0.1',
port: '',
hostname: '@127.0.0.1',
password: 'password123',
username: 'admin',
origin: 'http://@127.0.0.1',
href: 'http://admin:password123@@127.0.0.1/' }
Remediation
Upgrade url-parse to version 1.5.6 or higher.
References
medium severity
- Vulnerable module: url-parse
- Introduced through: amqp-client-node@1.0.11
Detailed paths
-
Introduced through: ehr-service@haniot/ehr › amqp-client-node@1.0.11 › amqplib@0.5.6 › url-parse@1.4.7
Overview
url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.
Affected versions of this package are vulnerable to Authorization Bypass via the hostname field of a parsed URL, because "url-parse" is unable to find the correct hostname when no port number is provided in the URL.
PoC:
var Url = require('url-parse');
var PAYLOAD = "http://example.com:";
console.log(Url(PAYLOAD));
// Expected hostname: example.com
// Actual hostname by url-parse: example.com:
Output:
{
slashes: true,
protocol: 'http:',
hash: '',
query: '',
pathname: '/',
auth: '',
host: 'example.com:',
port: '',
hostname: 'example.com:',
password: '',
username: '',
origin: 'http://example.com:',
href: 'http://example.com:/'
}
Remediation
Upgrade url-parse to version 1.5.8 or higher.
References
medium severity
- Vulnerable module: url-parse
- Introduced through: amqp-client-node@1.0.11
Detailed paths
-
Introduced through: ehr-service@haniot/ehr › amqp-client-node@1.0.11 › amqplib@0.5.6 › url-parse@1.4.7
Overview
url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.
Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to incorrect conversion of @ in the protocol field of the HREF.
PoC:
parse = require('url-parse')
console.log(parse("http:@/127.0.0.1"))
Output:
{
slashes: true,
protocol: 'http:',
hash: '',
query: '',
pathname: '/127.0.0.1',
auth: '',
host: '',
port: '',
hostname: '',
password: '',
username: '',
origin: 'null',
href: 'http:///127.0.0.1'
}
Remediation
Upgrade url-parse to version 1.5.7 or higher.
References
medium severity
- Vulnerable module: url-parse
- Introduced through: amqp-client-node@1.0.11
Detailed paths
-
Introduced through: ehr-service@haniot/ehr › amqp-client-node@1.0.11 › amqplib@0.5.6 › url-parse@1.4.7
Overview
url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.
Affected versions of this package are vulnerable to Improper Input Validation. It mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
Remediation
Upgrade url-parse to version 1.5.0 or higher.
References
medium severity
- Vulnerable module: url-parse
- Introduced through: amqp-client-node@1.0.11
Detailed paths
-
Introduced through: ehr-service@haniot/ehr › amqp-client-node@1.0.11 › amqplib@0.5.6 › url-parse@1.4.7
Overview
url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.
Affected versions of this package are vulnerable to Open Redirect due to improper escaping of slash characters.
Remediation
Upgrade url-parse to version 1.5.2 or higher.