Vulnerabilities: 1 (via 1 path)
Dependencies: 3
Source: npm

medium severity

Arbitrary Code Injection

  • Vulnerable module: reduce-css-calc
  • Introduced through: reduce-css-calc@1.2.1

Detailed paths

  • Introduced through: reduce-css-calc@1.2.1
    Remediation: Upgrade to reduce-css-calc@1.2.5.

Overview

reduce-css-calc is a package that reduces CSS calc() expressions as far as possible. Affected versions of the package used eval() to evaluate the expression, allowing an attacker to gain arbitrary code execution via specially crafted input.
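Added example (not part of this advisory or of reduce-css-calc itself): the defect above is that a string taken from a stylesheet is handed to eval(), which accepts the whole JavaScript language. The safe shape is an evaluator that only recognises the grammar calc() actually needs. The block below implements that for unitless arithmetic with a tokenizer and a recursive-descent parser: numbers, + - * / and parentheses are accepted, and any identifier, bracket, quote or property access is rejected before anything is evaluated. The function names safeReduceCalc, tokenize, parse and isRejected are assumed names for this example; the real package also handles CSS units, which this example deliberately leaves out.

```javascript
// Added example: a whitelist-based calc() evaluator that never calls eval().
// Assumed names (not reduce-css-calc's API): tokenize, parse, safeReduceCalc, isRejected.

// Sticky tokenizer: each step consumes optional whitespace followed by a number,
// an operator/parenthesis, or end of input. Anything else is a hard error.
const TOKEN_RE = /\s*(?:(\d+(?:\.\d+)?)|([+\-*/()])|$)/y;

function tokenize(src) {
  const tokens = [];
  TOKEN_RE.lastIndex = 0;
  while (TOKEN_RE.lastIndex < src.length) {
    const start = TOKEN_RE.lastIndex;
    const m = TOKEN_RE.exec(src);
    if (!m) throw new SyntaxError(`unexpected input at offset ${start}`);
    if (m[1] !== undefined) tokens.push({ type: 'num', value: Number(m[1]) });
    else if (m[2] !== undefined) tokens.push({ type: 'op', value: m[2] });
    // Otherwise only trailing whitespace was consumed; the loop terminates.
  }
  return tokens;
}

// Recursive-descent parser over the token list:
//   expr   := term (('+' | '-') term)*
//   term   := factor (('*' | '/') factor)*
//   factor := number | '-' factor | '(' expr ')'
function parse(tokens) {
  let pos = 0;
  const peek = () => tokens[pos];
  const next = () => tokens[pos++];
  const isOp = (t, ...ops) => t && t.type === 'op' && ops.includes(t.value);

  function expr() {
    let value = term();
    while (isOp(peek(), '+', '-')) {
      const op = next().value;
      const rhs = term();
      value = op === '+' ? value + rhs : value - rhs;
    }
    return value;
  }

  function term() {
    let value = factor();
    while (isOp(peek(), '*', '/')) {
      const op = next().value;
      const rhs = factor();
      if (op === '/' && rhs === 0) throw new RangeError('division by zero');
      value = op === '*' ? value * rhs : value / rhs;
    }
    return value;
  }

  function factor() {
    const t = next();
    if (!t) throw new SyntaxError('unexpected end of expression');
    if (t.type === 'num') return t.value;
    if (t.value === '-') return -factor();
    if (t.value === '(') {
      const value = expr();
      const close = next();
      if (!close || close.value !== ')') throw new SyntaxError('expected ")"');
      return value;
    }
    throw new SyntaxError(`unexpected token "${t.value}"`);
  }

  const result = expr();
  if (pos !== tokens.length) {
    throw new SyntaxError(`unexpected token "${tokens[pos].value}"`);
  }
  return result;
}

// Reduce a `calc(...)` string to a number, or throw if it is not pure arithmetic.
function safeReduceCalc(input) {
  const m = /^\s*calc\((.*)\)\s*$/s.exec(input);
  if (!m) throw new SyntaxError('expected calc(...)');
  return parse(tokenize(m[1]));
}

// Defender-side check: true when the evaluator refuses the input outright.
function isRejected(input) {
  try {
    safeReduceCalc(input);
    return false;
  } catch (e) {
    return true;
  }
}

console.log(safeReduceCalc('calc((1 + 2) * 3)'));      // 9
console.log(isRejected("calc(require('fs'))"));       // true: identifiers never parse
```

Because the grammar is closed, the only way to influence the result is through the arithmetic itself; there is no path from the input string to the JavaScript runtime, which is the property the eval()-based reduction lacked.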

Example

The issue was reported by ChALkeR and demonstrated with his example below:

const reduceCSSCalc = require('reduce-css-calc');
console.log(reduceCSSCalc(`calc(                       (Buffer(10000)))`));
console.log(reduceCSSCalc(`calc(                       (global['fs'] = require('fs')))`));
console.log(reduceCSSCalc(`calc(                       (fs['readFileSync']("/etc/passwd", "utf-8")))`));

Remediation

Upgrade reduce-css-calc to version 1.2.5 or greater.