Vulnerabilities	7 via 7 paths
Dependencies	22
Source	GitHub

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications

Severity

Critical
High
1
Medium
6
Low

Status

Open
7
Patched
0
Ignored
0

high severity

Improper Input Validation

Vulnerable module: url-parse
Introduced through: amqplib@0.5.6

Detailed paths

Introduced through: seneca-amqp-transport@senecajs/seneca-amqp-transport › amqplib@0.5.6 › url-parse@1.4.7

Remediation: Upgrade to amqplib@0.7.1.

Overview

url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

Affected versions of this package are vulnerable to Improper Input Validation due to improper fix of CVE-2020-8124 , it is possible to be exploited via the \b (backspace) character.

PoC:

const parse = require('./index.js')

url = parse('\bhttp://google.com')

console.log(url)

Output:

{
  slashes: false,
  protocol: '',
  hash: '',
  query: '',
  pathname: '\bhttp://google.com',
  auth: '',
  host: '',
  port: '',
  hostname: '',
  password: '',
  username: '',
  origin: 'null',
  href: '\bhttp://google.com'
}

Remediation

Upgrade url-parse to version 1.5.9 or higher.

References

GitHub Commit

Improper Input Validation vulnerability report

medium severity

Access Restriction Bypass

Vulnerable module: url-parse
Introduced through: amqplib@0.5.6

Detailed paths

Introduced through: seneca-amqp-transport@senecajs/seneca-amqp-transport › amqplib@0.5.6 › url-parse@1.4.7

Remediation: Upgrade to amqplib@0.7.1.

Overview

url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

Affected versions of this package are vulnerable to Access Restriction Bypass due to improper parsing process, that may lead to incorrect handling of authentication credentials and hostname, which allows bypass of hostname validation.

PoC:

// PoC.js
 var parse = require('url-parse')
var cc=parse("http://admin:password123@@127.0.0.1")

//Output:
{ slashes: true,
  protocol: 'http:',
  hash: '',
  query: '',
  pathname: '/',
  auth: 'admin:password123',
  host: '@127.0.0.1',
  port: '',
  hostname: '@127.0.0.1',
  password: 'password123',
  username: 'admin',
  origin: 'http://@127.0.0.1',
  href: 'http://admin:password123@@127.0.0.1/' }

Remediation

Upgrade url-parse to version 1.5.6 or higher.

References

Access Restriction Bypass vulnerability report

medium severity

Authorization Bypass

Vulnerable module: url-parse
Introduced through: amqplib@0.5.6

Detailed paths

Introduced through: seneca-amqp-transport@senecajs/seneca-amqp-transport › amqplib@0.5.6 › url-parse@1.4.7

Remediation: Upgrade to amqplib@0.7.1.

Overview

url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

Affected versions of this package are vulnerable to Authorization Bypass via the hostname field of a parsed URL, because "url-parse" is unable to find the correct hostname when no port number is provided in the URL.

PoC:

var Url = require('url-parse');
var PAYLOAD = "http://example.com:";

console.log(Url(PAYLOAD));

// Expected hostname: example.com
// Actual hostname by url-parse: example.com:

Output:

{
  slashes: true,
  protocol: 'http:',
  hash: '',
  query: '',
  pathname: '/',
  auth: '',
  host: 'example.com:',
  port: '',
  hostname: 'example.com:',
  password: '',
  username: '',
  origin: 'http://example.com:',
  href: 'http://example.com:/'
}

Remediation

Upgrade url-parse to version 1.5.8 or higher.

References

GitHub Commit

Authorization Bypass vulnerability report

medium severity

new

Improper Validation of Specified Index, Position, or Offset in Input

Vulnerable module: uuid
Introduced through: uuid@3.4.0

Detailed paths

Introduced through: seneca-amqp-transport@senecajs/seneca-amqp-transport › uuid@3.4.0

Remediation: Upgrade to uuid@11.1.1.

Overview

uuid is a RFC4122 (v1, v4, and v5) compliant UUID library.

Affected versions of this package are vulnerable to Improper Validation of Specified Index, Position, or Offset in Input due to accepting external output buffers but not rejecting out-of-range writes (small buf or large offset). This inconsistency allows silent partial writes into caller-provided buffers.

PoC

cd /home/StrawHat/uuid
npm ci
npm run build

node --input-type=module -e "
import {v4,v5,v6} from './dist-node/index.js';
const ns='6ba7b810-9dad-11d1-80b4-00c04fd430c8';
for (const [name,fn] of [
  ['v4',()=>v4({},new Uint8Array(8),4)],
  ['v5',()=>v5('x',ns,new Uint8Array(8),4)],
  ['v6',()=>v6({},new Uint8Array(8),4)],
]) {
  try { fn(); console.log(name,'NO_THROW'); }
  catch(e){ console.log(name,'THREW',e.name); }
}"

Remediation

Upgrade uuid to version 11.1.1, 14.0.0 or higher.

References

Improper Validation of Specified Index, Position, or Offset in Input vulnerability report

medium severity

Authorization Bypass Through User-Controlled Key

Vulnerable module: url-parse
Introduced through: amqplib@0.5.6

Detailed paths

Introduced through: seneca-amqp-transport@senecajs/seneca-amqp-transport › amqplib@0.5.6 › url-parse@1.4.7

Remediation: Upgrade to amqplib@0.7.1.

Overview

url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to incorrect conversion of @ in the protocol field of the HREF.

PoC:

parse = require('url-parse')

console.log(parse("http:@/127.0.0.1"))

Output:

{
  slashes: true,
  protocol: 'http:',
  hash: '',
  query: '',
  pathname: '/127.0.0.1',
  auth: '',
  host: '',
  port: '',
  hostname: '',
  password: '',
  username: '',
  origin: 'null',
  href: 'http:///127.0.0.1'
}

Remediation

Upgrade url-parse to version 1.5.7 or higher.

References

Authorization Bypass Through User-Controlled Key vulnerability report

medium severity

Improper Input Validation

Vulnerable module: url-parse
Introduced through: amqplib@0.5.6

Detailed paths

Introduced through: seneca-amqp-transport@senecajs/seneca-amqp-transport › amqplib@0.5.6 › url-parse@1.4.7

Remediation: Upgrade to amqplib@0.7.1.

Overview

url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

Affected versions of this package are vulnerable to Improper Input Validation. It mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.

Remediation

Upgrade url-parse to version 1.5.0 or higher.

References

Improper Input Validation vulnerability report

medium severity

Open Redirect

Vulnerable module: url-parse
Introduced through: amqplib@0.5.6

Detailed paths

Introduced through: seneca-amqp-transport@senecajs/seneca-amqp-transport › amqplib@0.5.6 › url-parse@1.4.7

Remediation: Upgrade to amqplib@0.7.1.

Overview

url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

Affected versions of this package are vulnerable to Open Redirect due to improper escaping of slash characters.

Remediation

Upgrade url-parse to version 1.5.2 or higher.

References

Open Redirect vulnerability report

Vulnerabilities

Dependencies

Source

Find, fix and prevent vulnerabilities in your code.

high severity

Improper Input Validation

Detailed paths

Overview

PoC:

Remediation

References

medium severity

Access Restriction Bypass

Detailed paths

Overview

PoC:

Remediation

References

medium severity

Authorization Bypass

Detailed paths

Overview

PoC:

Remediation

References

medium severity new

Improper Validation of Specified Index, Position, or Offset in Input

Detailed paths

Overview

PoC

Remediation

References

medium severity

Authorization Bypass Through User-Controlled Key

Detailed paths

Overview

PoC:

Remediation

References

medium severity

Improper Input Validation

Detailed paths

Overview

Remediation

References

medium severity

Open Redirect

Detailed paths

Overview

Remediation

References

medium severity

new