Vulnerabilities

 2 via 2 paths

Dependencies

 190

Source

 GitHub

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 2
Status
  • 2
  • 0
  • 0

medium severity

Improper Validation of Specified Index, Position, or Offset in Input

  • Vulnerable module: uuid
  • Introduced through: mssql@10.0.4

Detailed paths

  • Introduced through: kkrisz1.staruml-reverse-db@kkrisz1/staruml-reverse-db mssql@10.0.4 tedious@16.7.1 @azure/identity@3.4.2 @azure/msal-node@2.16.3 uuid@8.3.2
    Remediation: Upgrade to mssql@11.0.0.

Overview

uuid is a RFC4122 (v1, v4, and v5) compliant UUID library.

Affected versions of this package are vulnerable to Improper Validation of Specified Index, Position, or Offset in Input due to accepting external output buffers but not rejecting out-of-range writes (small buf or large offset). This inconsistency allows silent partial writes into caller-provided buffers.

PoC

cd /home/StrawHat/uuid
npm ci
npm run build

node --input-type=module -e "
import {v4,v5,v6} from './dist-node/index.js';
const ns='6ba7b810-9dad-11d1-80b4-00c04fd430c8';
for (const [name,fn] of [
  ['v4',()=>v4({},new Uint8Array(8),4)],
  ['v5',()=>v5('x',ns,new Uint8Array(8),4)],
  ['v6',()=>v6({},new Uint8Array(8),4)],
]) {
  try { fn(); console.log(name,'NO_THROW'); }
  catch(e){ console.log(name,'THREW',e.name); }
}"

Remediation

Upgrade uuid to version 11.1.1, 14.0.0 or higher.

References

Improper Validation of Specified Index, Position, or Offset in Input vulnerability report

medium severity

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

  • Vulnerable module: @azure/identity
  • Introduced through: mssql@10.0.4

Detailed paths

  • Introduced through: kkrisz1.staruml-reverse-db@kkrisz1/staruml-reverse-db mssql@10.0.4 tedious@16.7.1 @azure/identity@3.4.2
    Remediation: Upgrade to mssql@11.0.0.

Overview

@azure/identity is a Provides credential implementations for Azure SDK libraries that can authenticate with Microsoft Entra ID

Affected versions of this package are vulnerable to Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in the authentication process. An attacker can elevate privileges by exploiting race conditions during the token validation steps. This is only exploitable if the application is configured to use multiple threads or processes for handling authentication requests.

Notes:

  1. An attacker who successfully exploited the vulnerability could elevate privileges and read any file on the file system with SYSTEM access permissions;

  2. An attacker who successfully exploits this vulnerability can only obtain read access to the system files by exploiting this vulnerability. The attacker cannot perform write or delete operations on the files;

  3. The vulnerability exists in the following credential types: DefaultAzureCredential and ManagedIdentityCredential;

  4. The vulnerability exists in the following credential types:

ManagedIdentityApplication (.NET)

ManagedIdentityApplication (Java)

ManagedIdentityApplication (Node.js)

Remediation

Upgrade @azure/identity to version 4.2.1 or higher.

References

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability report