Vulnerabilities: 2 (via 2 paths)
Dependencies: 4
Source: npm
Severity: 1 high, 1 medium

high severity

Arbitrary Code Execution

  • Vulnerable module: js-yaml
  • Introduced through: js-yaml@2.0.5

Detailed paths

  • Introduced through: js-yaml@2.0.5
    Remediation: Upgrade to js-yaml@3.13.1.

Overview

js-yaml is a human-friendly data serialization language.

Affected versions of this package are vulnerable to Arbitrary Code Execution. When an object with an executable toString() property is used as a map key, the parser will call that function. This happens only for load(), which should not be used with untrusted data anyway. safeLoad() is not affected because it cannot parse functions.

Remediation

Upgrade js-yaml to version 3.13.1 or higher.

medium severity

Arbitrary Code Injection

  • Vulnerable module: underscore
  • Introduced through: argparse@0.1.16

Detailed paths

  • Introduced through: js-yaml@2.0.5 › argparse@0.1.16 › underscore@1.7.0
    Remediation: Upgrade to js-yaml@3.2.7.

Overview

underscore is a JavaScript functional programming helper library.

Affected versions of this package are vulnerable to Arbitrary Code Injection via the template function: the variable option, taken from _.templateSettings, is inserted into the generated template source without sanitization, so attacker-controlled JavaScript in that setting runs when the template is compiled and called.

PoC

const _ = require('underscore');
// The unsanitized `variable` setting is spliced verbatim into the compiled template source.
_.templateSettings.variable = "a = this.process.mainModule.require('child_process').execSync('touch HELLO')";
// Compiling and invoking even an empty template runs the injected statement.
const t = _.template("")();

Remediation

Upgrade underscore to version 1.13.0-2, 1.12.1 or higher.
