create-lti-launch-artillery@1.0.4

Vulnerabilities

2 via 10 paths

Dependencies

184

Source

npm

Find, fix and prevent vulnerabilities in your code.

Severity
  • 1
  • 1
Status
  • 2
  • 0
  • 0

high severity

Insecure Randomness

  • Vulnerable module: crypto-js
  • Introduced through: oauth-signature@1.5.0 and caccl@1.1.38

Detailed paths

  • Introduced through: create-lti-launch-artillery@1.0.4 oauth-signature@1.5.0 crypto-js@3.1.9-1
  • Introduced through: create-lti-launch-artillery@1.0.4 caccl@1.1.38 caccl-lti@1.1.6 oauth-signature@1.5.0 crypto-js@3.1.9-1
  • Introduced through: create-lti-launch-artillery@1.0.4 caccl@1.1.38 caccl-grade-passback@1.1.3 oauth-signature@1.5.0 crypto-js@3.1.9-1
  • Introduced through: create-lti-launch-artillery@1.0.4 caccl@1.1.38 caccl-authorizer@1.1.24 caccl-lti@1.1.6 oauth-signature@1.5.0 crypto-js@3.1.9-1
  • Introduced through: create-lti-launch-artillery@1.0.4 caccl@1.1.38 caccl-canvas-partial-simulator@1.0.43 caccl@1.1.38 caccl-lti@1.1.6 oauth-signature@1.5.0 crypto-js@3.1.9-1
  • Introduced through: create-lti-launch-artillery@1.0.4 caccl@1.1.38 caccl-canvas-partial-simulator@1.0.43 caccl@1.1.38 caccl-grade-passback@1.1.3 oauth-signature@1.5.0 crypto-js@3.1.9-1
  • Introduced through: create-lti-launch-artillery@1.0.4 caccl@1.1.38 caccl-canvas-partial-simulator@1.0.43 caccl@1.1.38 caccl-authorizer@1.1.24 caccl-lti@1.1.6 oauth-signature@1.5.0 crypto-js@3.1.9-1

Overview

crypto-js is a library of crypto standards.

Affected versions of this package are vulnerable to Insecure Randomness. The secureRandom() method is supposed to return a cryptographically strong pseudo-random data string, but it is biased to certain digits. An attacker could be able to guess the created digits.

Remediation

Upgrade crypto-js to version 3.2.1 or higher.

References

medium severity

Arbitrary Code Injection

  • Vulnerable module: ejs
  • Introduced through: caccl@1.1.38

Detailed paths

  • Introduced through: create-lti-launch-artillery@1.0.4 caccl@1.1.38 caccl-authorizer@1.1.24 ejs@2.7.4
  • Introduced through: create-lti-launch-artillery@1.0.4 caccl@1.1.38 caccl-canvas-partial-simulator@1.0.43 ejs@2.7.4
  • Introduced through: create-lti-launch-artillery@1.0.4 caccl@1.1.38 caccl-canvas-partial-simulator@1.0.43 caccl@1.1.38 caccl-authorizer@1.1.24 ejs@2.7.4

Overview

ejs is a popular JavaScript templating engine.

Affected versions of this package are vulnerable to Arbitrary Code Injection via the render and renderFile. If external input is flowing into the options parameter, an attacker is able run arbitrary code. This include the filename, compileDebug, and client option.

POC

let ejs = require('ejs')
ejs.render('./views/test.ejs',{
    filename:'/etc/passwd\nfinally { this.global.process.mainModule.require(\'child_process\').execSync(\'touch EJS_HACKED\') }',
    compileDebug: true,
    message: 'test',
    client: true
})

Remediation

Upgrade ejs to version 3.1.6 or higher.

References