Vulnerabilities |
2 via 3 paths |
|---|---|
Dependencies |
189 |
Source |
GitHub |
Find, fix and prevent vulnerabilities in your code.
medium severity
- Vulnerable module: file-type
- Introduced through: jimp@0.22.12
Detailed paths
-
Introduced through: webrdp@mikej81/webrdp › jimp@0.22.12 › @jimp/custom@0.22.12 › @jimp/core@0.22.12 › file-type@16.5.4
Overview
Affected versions of this package are vulnerable to Infinite loop in the FileTypeParser class. This is triggered when the ASF (WMV/WMA) parser receives input including an ASF sub-header with a size value of 0. An attacker can interrupt service with a 55-byte payload.
Remediation
Upgrade file-type to version 21.3.1 or higher.
References
medium severity
new
- Vulnerable module: ws
- Introduced through: socket.io@4.8.3
Detailed paths
-
Introduced through: webrdp@mikej81/webrdp › socket.io@4.8.3 › engine.io@6.6.7 › ws@8.18.3
-
Introduced through: webrdp@mikej81/webrdp › socket.io@4.8.3 › socket.io-adapter@2.5.6 › ws@8.18.3
Overview
ws is a simple to use websocket client, server and console for node.js.
Affected versions of this package are vulnerable to Use of Uninitialized Resource in the websocket.close() implementation in the Sender class, which exposes uninitialized memory when a TypedArray is provided as the reason argument.
Note: The project maintainers note that this "flaw is only exploitable through misuse that is unlikely in practice".
PoC
import { deepStrictEqual } from 'node:assert';
import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer(
{ port: 0, skipUTF8Validation: true },
function () {
const { port } = wss.address();
const ws = new WebSocket(`ws://localhost:${port}`, {
skipUTF8Validation: true
});
ws.on('close', function (code, reason) {
deepStrictEqual(reason, Buffer.alloc(80));
});
}
);
wss.on('connection', function (ws) {
ws.close(1000, new Float32Array(20));
});
Remediation
Upgrade ws to version 8.20.1 or higher.