medium severity
- Vulnerable module: tmp
- Introduced through: @stryker-mutator/core@8.7.1
Detailed paths
- Introduced through: qr-scanner-cli@victorperin/qr-scanner-cli#78d640374c406e63459ebedc621126ce59eb5e5e › @stryker-mutator/core@8.7.1 › @inquirer/prompts@6.0.1 › @inquirer/editor@3.0.1 › external-editor@3.1.0 › tmp@0.0.33
Overview
Affected versions of this package are vulnerable to a Symlink Attack via the dir parameter. tmp checks that the requested dir stays under the system temporary directory, but it checks the path as given and does not resolve symbolic links first. An attacker who can place a symbolic link inside the temporary directory that points outside it can therefore cause files or directories to be written to arbitrary locations: the check accepts the link's path, and the file is created at the link target.
PoC
// PoC as given in the advisory. Assumed setup (not shown on the page): /tmp/evil-dir is a
// symbolic link pointing outside the temp directory, e.g. at /foo.
const tmp = require('tmp');

// A relative dir that is a symlink out of the temp directory is accepted, and the
// file is created at the link target rather than under the temp directory.
const tmpobj = tmp.fileSync({ 'dir': 'evil-dir' });
console.log('File: ', tmpobj.name);

// test 1: a relative dir that does not exist under the temp directory is expected to fail.
try {
  tmp.fileSync({ 'dir': 'mydir1' });
} catch (err) {
  console.log('test 1:', err.message);
}

// test 2: an absolute dir outside the temp directory is rejected by tmp's containment check.
try {
  tmp.fileSync({ 'dir': '/foo' });
} catch (err) {
  console.log('test 2:', err.message);
}

// test 3: the same target given as its resolved (real) path is also rejected, which shows
// the check looks at the string passed in, not at what the symlink resolves to.
try {
  const fs = require('node:fs');
  const resolved = fs.realpathSync('/tmp/evil-dir');
  tmp.fileSync({ 'dir': resolved });
} catch (err) {
  console.log('test 3:', err.message);
}
Remediation
Upgrade tmp to version 0.2.4 or higher.
medium severity
- Vulnerable module: phin
- Introduced through: jimp@0.16.13
Detailed paths
- Introduced through: qr-scanner-cli@victorperin/qr-scanner-cli#78d640374c406e63459ebedc621126ce59eb5e5e › jimp@0.16.13 › @jimp/custom@0.16.13 › @jimp/core@0.16.13 › phin@2.9.3
Remediation: Upgrade to jimp@0.22.0.
Overview
phin is an ultra-lightweight Node.js HTTP client.
Affected versions of this package are vulnerable to Exposure of Sensitive Information to an Unauthorized Actor due to the handling of HTTP headers during redirects when followRedirects is enabled: the headers set on the original request, including credentials such as Authorization, are re-sent to the redirect target without regard to whether that target is a different host. A server that can return a redirect (or an attacker able to inject one) can point the client at a host it controls and receive those headers.
Remediation
Upgrade phin to version 3.7.1 or higher.