Vulnerabilities: 2 via 2 paths
Dependencies: 131
Source: GitHub
Commit: f6e022ba
medium severity

Symlink Attack

  • Vulnerable module: tmp
  • Introduced through: panasonic-comfort-cloud-client@2.1.5

Detailed paths

  • Introduced through: iobroker.panasonic-comfort-cloud@marc2016/ioBroker.panasonic-comfort-cloud#f6e022ba68a7e07b234176cc7ead94da7fd716d6 > panasonic-comfort-cloud-client@2.1.5 > @inquirer/prompts@3.3.2 > @inquirer/editor@1.2.15 > external-editor@3.1.0 > tmp@0.0.33

Overview

Affected versions of this package are vulnerable to Symlink Attack via the dir parameter. An attacker can cause files or directories to be written to arbitrary locations by supplying a crafted symbolic link that resolves outside the intended temporary directory.

PoC

const tmp = require('tmp');

const tmpobj = tmp.fileSync({ 'dir': 'evil-dir'});
console.log('File: ', tmpobj.name);

try {
    tmp.fileSync({ 'dir': 'mydir1'});
} catch (err) {
    console.log('test 1:', err.message)
}

try {
    tmp.fileSync({ 'dir': '/foo'});
} catch (err) {
    console.log('test 2:', err.message)
}

try {
    const fs = require('node:fs');
    const resolved = fs.realpathSync('/tmp/evil-dir');
    tmp.fileSync({ 'dir': resolved});
} catch (err) {
    console.log('test 3:', err.message)
}

Remediation

Upgrade tmp to version 0.2.4 or higher.

medium severity (new)

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: undici
  • Introduced through: undici@6.22.0

Detailed paths

  • Introduced through: iobroker.panasonic-comfort-cloud@marc2016/ioBroker.panasonic-comfort-cloud#f6e022ba68a7e07b234176cc7ead94da7fd716d6 > undici@6.22.0
    Remediation: Upgrade to undici@6.23.0.

Overview

undici is an HTTP/1.1 client, written from scratch for Node.js.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the decompression chain. An attacker can cause high CPU usage and excessive memory allocation by sending HTTP responses with a large number of chained compression steps in the Content-Encoding header.

Remediation

Upgrade undici to version 6.23.0, 7.18.2 or higher.
