storm3-fst-personal@0.0.1-alpha.1

Vulnerabilities: 1 via 79 paths

Dependencies: 77

Source: npm

medium severity

Arbitrary Code Injection

  • Vulnerable module: underscore
  • Introduced through: storm3-utils@0.0.1-alpha.1, storm3-core-helpers@0.0.1-alpha.1 and others

Detailed paths

  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-subscriptions@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-fst-iban@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-subscriptions@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-subscriptions@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-subscriptions@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-providers-ipc@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-providers-ws@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-fst-iban@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-fst-iban@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-subscriptions@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-subscriptions@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-subscriptions@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-providers-http@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-providers-ipc@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-providers-ws@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-subscriptions@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-providers-ipc@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-providers-ws@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-subscriptions@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-fst-iban@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-fst-iban@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-fst-iban@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-fst-iban@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-fst-iban@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-subscriptions@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-subscriptions@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-providers-http@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-providers-ipc@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-providers-ws@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-subscriptions@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-providers-http@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-providers-ipc@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-providers-ws@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-subscriptions@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-fst-iban@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-subscriptions@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-fst-iban@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-fst-iban@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-providers-http@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-fst-iban@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-providers-ipc@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-fst-iban@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-providers-ws@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-fst-iban@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-fst-iban@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-subscriptions@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-providers-http@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-providers-ipc@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-providers-ws@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-method@0.0.1-alpha.1 storm3-core-subscriptions@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-fst-iban@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-providers-http@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-fst-iban@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-providers-ipc@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-fst-iban@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1
  • Introduced through: storm3-fst-personal@0.0.1-alpha.1 storm3-net@0.0.1-alpha.1 storm3-core@0.0.1-alpha.1 storm3-core-requestmanager@0.0.1-alpha.1 storm3-providers-ws@0.0.1-alpha.1 storm3-core-helpers@0.0.1-alpha.1 storm3-fst-iban@0.0.1-alpha.1 storm3-utils@0.0.1-alpha.1 underscore@1.9.1

Overview

underscore is a JavaScript functional programming helper library.

Affected versions of this package are vulnerable to Arbitrary Code Injection via the template function, particularly when the variable option is taken from _.templateSettings as it is not sanitized.

PoC

const _ = require('underscore');
_.templateSettings.variable = "a = this.process.mainModule.require('child_process').execSync('touch HELLO')";
const t = _.template("")();

Remediation

Upgrade underscore to version 1.13.0-2, 1.12.1 or higher.
