passport-windowsauth@0.1.1

Vulnerabilities: 1 via 2 paths

Dependencies: 20

Source: npm


medium severity

Remote Code Execution (RCE)

  • Vulnerable module: bunyan
  • Introduced through: ldapjs@0.6.3

Detailed paths

  • Introduced through: passport-windowsauth@0.1.1 > ldapjs@0.6.3 > bunyan@0.21.1
    Remediation: Upgrade to passport-windowsauth@1.0.0.
  • Introduced through: passport-windowsauth@0.1.1 > ldapjs@0.6.3 > pooling@0.4.4 > bunyan@0.21.1

Overview

bunyan is a JSON logging library for Node.js services.

Affected versions of this package are vulnerable to Remote Code Execution (RCE) via insecure command formatting, which allowed creating a "hacked" file in the current directory.

Remediation

Upgrade bunyan to version 1.8.13, 2.0.3 or higher.
