Description
Unintended Require in larvitbase-api
Versions of larvitbase-api prior to 0.5.4 are vulnerable to an Unintended Require. The package exposes an API endpoint and passes a GET parameter, unsanitized, to a require() call. This allows attackers to execute any .js file in the same folder the server is running in.
Recommendation
Upgrade to version 0.5.4 or later.
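The unintended-require pattern described above, next to an allowlist-based dispatch that never builds a module path from request data. This is an added example, not larvitbase-api source code; every function name, path and file name in it is hypothetical and constructed for illustration.

```javascript
'use strict';
// Added illustration; not larvitbase-api source. All names here are hypothetical.

// Vulnerable shape: the GET parameter picks the file that require() would load,
// so any .js file in the folder becomes reachable, not only real endpoints.
function unsafeModulePath(baseDir, queryValue) {
  return baseDir + '/' + queryValue + '.js'; // would be passed to require()
}

// Hardened shape: modules are loaded once at startup from a fixed list and the
// request value is used only as a lookup key. A Map (not a plain object) keeps
// inherited keys such as "constructor" from resolving to a function.
function buildRegistry(controllers) {
  const registry = new Map();
  for (const name of Object.keys(controllers)) {
    if (!/^[a-z][a-z0-9-]*$/.test(name) || typeof controllers[name] !== 'function') {
      throw new Error('refusing to register controller: ' + name);
    }
    registry.set(name, controllers[name]);
  }
  return registry;
}

function dispatch(registry, queryValue) {
  // Repeated parameters (?c=a&c=b) arrive as arrays in common query parsers.
  if (typeof queryValue !== 'string') return { status: 400, body: null };
  const handler = registry.get(queryValue);
  if (handler === undefined) return { status: 404, body: null };
  return { status: 200, body: handler() };
}

// Constructed stand-ins; in a real service each value would be a literal
// require('./controllers/<name>') written in source, never built from input.
const registry = buildRegistry({
  users: () => ({ users: [] }),
  status: () => ({ ok: true }),
});

function demo() {
  return {
    unsafe: unsafeModulePath('/srv/app', 'seed-test-data'), // constructed file name
    known: dispatch(registry, 'status').status,
    unknown: dispatch(registry, 'seed-test-data').status,
    inherited: dispatch(registry, 'constructor').status,
    repeated: dispatch(registry, ['status', 'users']).status,
  };
}
console.log(demo());
```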
Packages
Name: larvitbase-api (npm)
Affected versions: < 0.5.5
Fixed version: 0.5.5
Related vulnerabilities
CVSS3: 7.5
nvd
more than 6 years ago
An unintended require vulnerability in <v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code (JavaScript file).