@platonnetwork/web3-core@0.13.0
| Vulnerabilities | 1 via 21 paths |
|---|---|
| Dependencies | 77 |
| Source | npm |
low severity
new
- Vulnerable module: underscore
- Introduced through: @platonnetwork/web3-utils@0.13.0, @platonnetwork/web3-core-helpers@0.13.0 and others
Detailed paths
- Introduced through: @platonnetwork/web3-core@0.13.0 › @platonnetwork/web3-utils@0.13.0 › underscore@1.9.1
- Introduced through: @platonnetwork/web3-core@0.13.0 › @platonnetwork/web3-core-helpers@0.13.0 › underscore@1.9.1
- Introduced through: @platonnetwork/web3-core@0.13.0 › @platonnetwork/web3-core-method@0.13.0 › underscore@1.9.1
- Introduced through: @platonnetwork/web3-core@0.13.0 › @platonnetwork/web3-core-requestmanager@0.13.0 › underscore@1.9.1
- Introduced through: @platonnetwork/web3-core@0.13.0 › @platonnetwork/web3-core-helpers@0.13.0 › @platonnetwork/web3-utils@0.13.0 › underscore@1.9.1
- Introduced through: @platonnetwork/web3-core@0.13.0 › @platonnetwork/web3-core-method@0.13.0 › @platonnetwork/web3-utils@0.13.0 › underscore@1.9.1
- Introduced through: @platonnetwork/web3-core@0.13.0 › @platonnetwork/web3-core-method@0.13.0 › @platonnetwork/web3-core-helpers@0.13.0 › underscore@1.9.1
- Introduced through: @platonnetwork/web3-core@0.13.0 › @platonnetwork/web3-core-requestmanager@0.13.0 › @platonnetwork/web3-core-helpers@0.13.0 › underscore@1.9.1
- Introduced through: @platonnetwork/web3-core@0.13.0 › @platonnetwork/web3-core-method@0.13.0 › @platonnetwork/web3-core-subscriptions@0.13.0 › underscore@1.9.1
- Introduced through: @platonnetwork/web3-core@0.13.0 › @platonnetwork/web3-core-requestmanager@0.13.0 › @platonnetwork/web3-providers-ipc@0.13.0 › underscore@1.9.1
- Introduced through: @platonnetwork/web3-core@0.13.0 › @platonnetwork/web3-core-requestmanager@0.13.0 › @platonnetwork/web3-providers-ws@0.13.0 › underscore@1.9.1
- Introduced through: @platonnetwork/web3-core@0.13.0 › @platonnetwork/web3-core-method@0.13.0 › @platonnetwork/web3-core-helpers@0.13.0 › @platonnetwork/web3-utils@0.13.0 › underscore@1.9.1
- Introduced through: @platonnetwork/web3-core@0.13.0 › @platonnetwork/web3-core-requestmanager@0.13.0 › @platonnetwork/web3-core-helpers@0.13.0 › @platonnetwork/web3-utils@0.13.0 › underscore@1.9.1
- Introduced through: @platonnetwork/web3-core@0.13.0 › @platonnetwork/web3-core-method@0.13.0 › @platonnetwork/web3-core-subscriptions@0.13.0 › @platonnetwork/web3-core-helpers@0.13.0 › underscore@1.9.1
- Introduced through: @platonnetwork/web3-core@0.13.0 › @platonnetwork/web3-core-requestmanager@0.13.0 › @platonnetwork/web3-providers-http@0.13.0 › @platonnetwork/web3-core-helpers@0.13.0 › underscore@1.9.1
- Introduced through: @platonnetwork/web3-core@0.13.0 › @platonnetwork/web3-core-requestmanager@0.13.0 › @platonnetwork/web3-providers-ipc@0.13.0 › @platonnetwork/web3-core-helpers@0.13.0 › underscore@1.9.1
- Introduced through: @platonnetwork/web3-core@0.13.0 › @platonnetwork/web3-core-requestmanager@0.13.0 › @platonnetwork/web3-providers-ws@0.13.0 › @platonnetwork/web3-core-helpers@0.13.0 › underscore@1.9.1
- Introduced through: @platonnetwork/web3-core@0.13.0 › @platonnetwork/web3-core-method@0.13.0 › @platonnetwork/web3-core-subscriptions@0.13.0 › @platonnetwork/web3-core-helpers@0.13.0 › @platonnetwork/web3-utils@0.13.0 › underscore@1.9.1
- Introduced through: @platonnetwork/web3-core@0.13.0 › @platonnetwork/web3-core-requestmanager@0.13.0 › @platonnetwork/web3-providers-http@0.13.0 › @platonnetwork/web3-core-helpers@0.13.0 › @platonnetwork/web3-utils@0.13.0 › underscore@1.9.1
- Introduced through: @platonnetwork/web3-core@0.13.0 › @platonnetwork/web3-core-requestmanager@0.13.0 › @platonnetwork/web3-providers-ipc@0.13.0 › @platonnetwork/web3-core-helpers@0.13.0 › @platonnetwork/web3-utils@0.13.0 › underscore@1.9.1
- Introduced through: @platonnetwork/web3-core@0.13.0 › @platonnetwork/web3-core-requestmanager@0.13.0 › @platonnetwork/web3-providers-ws@0.13.0 › @platonnetwork/web3-core-helpers@0.13.0 › @platonnetwork/web3-utils@0.13.0 › underscore@1.9.1
Overview
underscore is a functional programming helper library for JavaScript.
Affected versions of this package are vulnerable to Arbitrary Code Injection via the `template` function, particularly when the `variable` option is taken from `_.templateSettings`, as it is not sanitized.
PoC
```js
const _ = require('underscore');
_.templateSettings.variable = "a = this.process.mainModule.require('child_process').execSync('touch HELLO')";
const t = _.template("")();
```
Remediation
Upgrade `underscore` to version 1.13.0-2, 1.12.1 or higher.