accesslog@0.0.2 vulnerabilities

Simple common/combined access log middleware

latest version

0.0.2
first published

12 years ago
latest version published

10 years ago
licenses detected
- MIT
  >=0
View accesslog package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the accesslog package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Arbitrary Code Injection accesslog is a simple common/combined access log middleware Affected versions of this package are vulnerable to Arbitrary Code Injection due to the usage of the `Function` constructor without input sanitization. If (attacker-controlled) user input is given to the format option of the package's exported constructor `function`, it is possible for an attacker to execute arbitrary JavaScript code on the host that this package is being run on. How to fix Arbitrary Code Injection? There is no fixed version for `accesslog`.	*

Arbitrary Code Injection

accesslog is a simple common/combined access log middleware

Affected versions of this package are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If (attacker-controlled) user input is given to the format option of the package's exported constructor function, it is possible for an attacker to execute arbitrary JavaScript code on the host that this package is being run on.

How to fix Arbitrary Code Injection?

There is no fixed version for accesslog.

Go back to all versions of this package

accesslog@0.0.2 vulnerabilities

Simple common/combined access log middleware

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities