ldap@0.7.1

  • Vulnerabilities: 1 via 1 paths
  • Dependencies: 31
  • Source: npm

medium severity

Remote Code Execution (RCE)

  • Vulnerable module: bunyan
  • Introduced through: bunyan@1.3.3

Detailed paths

  • Introduced through: ldap@0.7.1 bunyan@1.3.3
    Remediation: Upgrade to bunyan@1.8.13.

Overview

bunyan is a JSON logging library for node.js services.

Affected versions of this package are vulnerable to Remote Code Execution (RCE) via insecure command formatting, which allowed creating a "hacked" file in the current directory.

Remediation

Upgrade bunyan to version 1.8.13, 2.0.3 or higher.
