  • Vulnerabilities: 1 via 1 paths
  • Dependencies: 1
  • Source: GitHub
  • Commit: 1d475c7c

critical severity

Arbitrary Code Injection

  • Vulnerable module: binary-parser
  • Introduced through: binary-parser@2.1.0

Detailed paths

  • Introduced through: f1-2021-udp@raweceek-temeletry/f1-2021-udp#1d475c7c5e6932b900fa9b5c61d098271e50da35 › binary-parser@2.1.0
    Remediation: Upgrade to binary-parser@2.3.0.

Overview

binary-parser is a blazing-fast binary parser builder.

Affected versions of this package are vulnerable to Arbitrary Code Injection via malicious field names. An attacker can execute arbitrary JavaScript code by supplying untrusted values in the field names or encoding parameters, which are directly interpolated into dynamically generated code without sanitization.

Remediation

Upgrade binary-parser to version 2.3.0 or higher.
