-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
8162601
commit 9f72edd
Showing
1 changed file
with
0 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1 @@ | ||
{"type":"auditAdvisory","data":{"resolution":{"id":1096366,"path":"email-templates>preview-email>mailparser>nodemailer","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"6.7.3","paths":["email-templates>preview-email>mailparser>nodemailer"]}],"found_by":null,"deleted":null,"references":"- https://github.com/nodemailer/nodemailer/security/advisories/GHSA-9h6g-pr28-7cqp\n- https://gist.github.com/francoatmega/890dd5053375333e40c6fdbcc8c58df6\n- https://gist.github.com/francoatmega/9aab042b0b24968d7b7039818e8b2698\n- https://github.com/nodemailer/nodemailer/commit/dd8f5e8a4ddc99992e31df76bcff9c590035cd4a\n- https://github.com/advisories/GHSA-9h6g-pr28-7cqp","created":"2024-01-31T22:42:54.000Z","id":1096366,"npm_advisory_id":null,"overview":"### Summary\nA ReDoS vulnerability occurs when nodemailer tries to parse img files with the parameter `attachDataUrls` set, causing the stuck of event loop. \nAnother flaw was found when nodemailer tries to parse an attachments with a embedded file, causing the stuck of event loop. \n\n### Details\n\nRegex: /^data:((?:[^;]*;)*(?:[^,]*)),(.*)$/\n\nPath: compile -> getAttachments -> _processDataUrl\n\nRegex: /(<img\\b[^>]* src\\s*=[\\s\"']*)(data:([^;]+);[^\"'>\\s]+)/\n\nPath: _convertDataImages\n\n### PoC\n\nhttps://gist.github.com/francoatmega/890dd5053375333e40c6fdbcc8c58df6\nhttps://gist.github.com/francoatmega/9aab042b0b24968d7b7039818e8b2698\n\n### Impact\n\nReDoS causes the event loop to stuck a specially crafted evil email can cause this problem.\n","reported_by":null,"title":"nodemailer ReDoS when trying to send a specially crafted email","metadata":null,"cves":[],"access":"public","severity":"moderate","module_name":"nodemailer","vulnerable_versions":"<=6.9.8","github_advisory_id":"GHSA-9h6g-pr28-7cqp","recommendation":"Upgrade to version 6.9.9 or later","patched_versions":">=6.9.9","updated":"2024-02-01T17:58:50.000Z","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"cwe":["CWE-1333"],"url":"https://github.com/advisories/GHSA-9h6g-pr28-7cqp"}}} | ||
{"type":"auditAdvisory","data":{"resolution":{"id":1099846,"path":"express>cookie","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"0.6.0","paths":["express>cookie"]}],"found_by":null,"deleted":null,"references":"- https://github.com/jshttp/cookie/security/advisories/GHSA-pxg6-pf52-xh8x\n- https://github.com/jshttp/cookie/pull/167\n- https://github.com/jshttp/cookie/commit/e10042845354fea83bd8f34af72475eed1dadf5c\n- https://github.com/advisories/GHSA-pxg6-pf52-xh8x","created":"2024-10-04T20:31:00.000Z","id":1099846,"npm_advisory_id":null,"overview":"### Impact\n\nThe cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, `serialize(\"userName=<script>alert('XSS3')</script>; Max-Age=2592000; a\", value)` would result in `\"userName=<script>alert('XSS3')</script>; Max-Age=2592000; a=test\"`, setting `userName` cookie to `<script>` and ignoring `value`.\n\nA similar escape can be used for `path` and `domain`, which could be abused to alter other fields of the cookie.\n\n### Patches\n\nUpgrade to 0.7.0, which updates the validation for `name`, `path`, and `domain`.\n\n### Workarounds\n\nAvoid passing untrusted or arbitrary values for these fields, ensure they are set by the application instead of user input.\n\n### References\n\n* https://github.com/jshttp/cookie/pull/167","reported_by":null,"title":"cookie accepts cookie name, path, and domain with out of bounds characters","metadata":null,"cves":["CVE-2024-47764"],"access":"public","severity":"low","module_name":"cookie","vulnerable_versions":"<0.7.0","github_advisory_id":"GHSA-pxg6-pf52-xh8x","recommendation":"Upgrade to version 0.7.0 or later","patched_versions":">=0.7.0","updated":"2024-10-04T20:31:01.000Z","cvss":{"score":0,"vectorString":null},"cwe":["CWE-74"],"url":"https://github.com/advisories/GHSA-pxg6-pf52-xh8x"}}} |