GHSA-5462-4vcx-jh7j

Published: 10 Dec 2024
Source: github
GitHub: Reviewed
CVSS4: 9.3

Description

Angular Expressions - Remote Code Execution when using locals

Impact

An attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system.

Example of vulnerable code:

    const expressions = require("angular-expressions");
    const result = expressions.compile("__proto__.constructor")({}, {});
    // result should be undefined; however, for versions <= 1.4.2 it returns an object.

With a more complex (undisclosed) payload, one can achieve arbitrary code execution on the system.

Patches

The problem has been patched in version 1.4.3 of angular-expressions.

Workarounds

There is one workaround if it is not possible for you to update:

  • Make sure that you call the compiled function with just one argument, i.e. this is not vulnerable: const result = expressions.compile("__proto__.constructor")({}); In this case you lose the locals feature if you need it.
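As an added example (not code from the advisory or from the angular-expressions project), the following JavaScript audit helper applies the advisory's two checks: a version comparison against the fixed release 1.4.3, and a runtime probe that evaluates the `__proto__.constructor` expression with a locals argument to confirm the sandbox holds, plus the one-argument call pattern from the workaround. The compile function is injected so the probe runs without the package installed; the names compareVersions, isAffectedVersion, probeSandbox and evaluateWithoutLocals are assumptions of this example.

```javascript
// Added example (not from the advisory): audit helper for GHSA-5462-4vcx-jh7j.
// (1) flags installed angular-expressions versions below the fixed 1.4.3, and
// (2) probes a compile() function with the advisory's check expression,
//     "__proto__.constructor", called WITH a locals argument: a patched build
//     returns undefined, an affected build (<= 1.4.2) returns an object.
// compile is injected so the probe runs offline; in real use pass
// require("angular-expressions").compile.

const FIXED_VERSION = "1.4.3";                      // from the advisory
const PROBE_EXPRESSION = "__proto__.constructor";   // from the advisory

// Compare two dotted numeric versions; returns -1, 0 or 1. A leading ^, ~ or v
// and any pre-release suffix are ignored (assumption: plain x.y.z releases).
function compareVersions(a, b) {
  const pa = a.replace(/^[v^~]/, "").split("-")[0].split(".").map(Number);
  const pb = b.replace(/^[v^~]/, "").split("-")[0].split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// True when the installed version is in the advisory's affected range (< 1.4.3).
function isAffectedVersion(installed) {
  return compareVersions(installed, FIXED_VERSION) < 0;
}

// Runtime probe: evaluate the check expression with a scope AND a locals
// object, exactly as the advisory's example does. Returns "safe" when the
// sandbox holds and "escaped" when the expression reaches an object.
function probeSandbox(compile) {
  const evaluate = compile(PROBE_EXPRESSION);
  const result = evaluate({}, {});
  return result === undefined ? "safe" : "escaped";
}

// Hardened call pattern from the workaround: always invoke the compiled
// function with one argument so locals are never consulted.
function evaluateWithoutLocals(compile, expression, scope) {
  return compile(expression)(scope);
}
```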

Credits

Credits go to JorianWoltjer, who found the issue and reported it to us. https://jorianwoltjer.com/

Packages

Name: angular-expressions (npm)

Affected versions: < 1.4.3
Fixed version: 1.4.3

EPSS

Percentile: 95%
Score: 0.15817
Medium

CVSS4: 9.3 Critical

Weaknesses

CWE-94

Related vulnerabilities

ubuntu
about 1 year ago

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex (undisclosed) payload, one can get full access to arbitrary code execution on the system. The problem has been patched in version 1.4.3 of Angular Expressions. Two possible workarounds are available. One may either disable access to `__proto__` globally or make sure that one uses the function with just one argument.

nvd
about 1 year ago

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex (undisclosed) payload, one can get full access to arbitrary code execution on the system. The problem has been patched in version 1.4.3 of Angular Expressions. Two possible workarounds are available. One may either disable access to `__proto__` globally or make sure that one uses the function with just one argument.

CVSS3: 9.8
fstec
about 1 year ago

A vulnerability in the Angular application design environment and single-page application development platform, related to improper control of code generation, allowing an attacker to execute arbitrary code.
