Vulnerabilities

5 via 5 paths

Dependencies

125

Source

GitHub

Find, fix and prevent vulnerabilities in your code.

Issue type
  • 5
  • 1
Severity
  • 4
  • 2
Status
  • 6
  • 0
  • 0

high severity
new

Inefficient Algorithmic Complexity

  • Vulnerable module: brace-expansion
  • Introduced through: imgur@0.3.2

Detailed paths

  • Introduced through: docker-scanimage@lgaticaq/docker-scanimage imgur@0.3.2 glob@7.2.3 minimatch@3.1.5 brace-expansion@1.1.16
    Remediation: Upgrade to imgur@1.0.0.

Overview

brace-expansion is a Brace expansion as known from sh/bash

Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the expand function. An attacker can cause excessive CPU consumption and block the event loop by supplying a specially crafted string containing multiple consecutive non-expanding '{}' brace groups. The max option does not prevent this issue, as it only limits the output size and not the computational workload.

Remediation

Upgrade brace-expansion to version 5.0.7 or higher.

References

high severity
new

Inefficient Algorithmic Complexity

  • Vulnerable module: immutable
  • Introduced through: core-worker@0.3.5

Detailed paths

  • Introduced through: docker-scanimage@lgaticaq/docker-scanimage core-worker@0.3.5 immutable@3.8.3

Overview

Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the HashCollisionNode class in Immutable.Map and Immutable.Set. An attacker can cause excessive CPU consumption by supplying a large number of keys with identical 32-bit hashes, leading to degraded insertion and lookup performance through crafted input objects.

Remediation

Upgrade immutable to version 4.3.9, 5.1.8 or higher.

References

high severity
new

Integer Overflow or Wraparound

  • Vulnerable module: immutable
  • Introduced through: core-worker@0.3.5

Detailed paths

  • Introduced through: docker-scanimage@lgaticaq/docker-scanimage core-worker@0.3.5 immutable@3.8.3

Overview

Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the setListBounds function in src/List.js when handling an index or size in the range 2 ** 30 to 2 ** 31. An attacker can cause an empty list to enter an uncatchable infinite loop, trigger unbounded memory allocation until process abort, or cause silent value wrapping by supplying crafted input values.

Remediation

Upgrade immutable to version 4.3.9, 5.1.8 or higher.

References

high severity

GPL-3.0 license

  • Module: core-worker
  • Introduced through: core-worker@0.3.5

Detailed paths

  • Introduced through: docker-scanimage@lgaticaq/docker-scanimage core-worker@0.3.5

GPL-3.0 license

medium severity

Improper Validation of Specified Index, Position, or Offset in Input

  • Vulnerable module: uuid
  • Introduced through: uuid@3.4.0

Detailed paths

  • Introduced through: docker-scanimage@lgaticaq/docker-scanimage uuid@3.4.0
    Remediation: Upgrade to uuid@11.1.1.

Overview

uuid is a RFC4122 (v1, v4, and v5) compliant UUID library.

Affected versions of this package are vulnerable to Improper Validation of Specified Index, Position, or Offset in Input due to accepting external output buffers but not rejecting out-of-range writes (small buf or large offset). This inconsistency allows silent partial writes into caller-provided buffers.

PoC

cd /home/StrawHat/uuid
npm ci
npm run build

node --input-type=module -e "
import {v4,v5,v6} from './dist-node/index.js';
const ns='6ba7b810-9dad-11d1-80b4-00c04fd430c8';
for (const [name,fn] of [
  ['v4',()=>v4({},new Uint8Array(8),4)],
  ['v5',()=>v5('x',ns,new Uint8Array(8),4)],
  ['v6',()=>v6({},new Uint8Array(8),4)],
]) {
  try { fn(); console.log(name,'NO_THROW'); }
  catch(e){ console.log(name,'THREW',e.name); }
}"

Remediation

Upgrade uuid to version 11.1.1, 14.0.0 or higher.

References

medium severity

Missing Release of Resource after Effective Lifetime

  • Vulnerable module: inflight
  • Introduced through: imgur@0.3.2

Detailed paths

  • Introduced through: docker-scanimage@lgaticaq/docker-scanimage imgur@0.3.2 glob@7.2.3 inflight@1.0.6

Overview

Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime via the makeres function due to improperly deleting keys from the reqs object after execution of callbacks. This behavior causes the keys to remain in the reqs object, which leads to resource exhaustion.

Exploiting this vulnerability results in crashing the node process or in the application crash.

Note: This library is not maintained, and currently, there is no fix for this issue. To overcome this vulnerability, several dependent packages have eliminated the use of this library.

To trigger the memory leak, an attacker would need to have the ability to execute or influence the asynchronous operations that use the inflight module within the application. This typically requires access to the internal workings of the server or application, which is not commonly exposed to remote users. Therefore, “Attack vector” is marked as “Local”.

PoC

const inflight = require('inflight');

function testInflight() {
  let i = 0;
  function scheduleNext() {
    let key = `key-${i++}`;
    const callback = () => {
    };
    for (let j = 0; j < 1000000; j++) {
      inflight(key, callback);
    }

    setImmediate(scheduleNext);
  }


  if (i % 100 === 0) {
    console.log(process.memoryUsage());
  }

  scheduleNext();
}

testInflight();

Remediation

There is no fixed version for inflight.

References