Lucene search

GoogleOSV:GHSA-5726-G6R9-5F22

HistoryOct 24, 2017 - 6:33 p.m.

Potential for Script Injection in syntax-error

2017-10-2418:33:36

Google

osv.dev

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.254 Low

EPSS

Percentile

96.6%

JSON

Versions of syntax-error prior to 1.1.1 are affected by a cross-site scripting vulnerability which may allow a malicious file to execute code when browserified.

Recommendation

Update to version 1.1.1 or later.

CPENameOperatorVersion
syntax-errorlt1.1.1

CPE	Name	Operator	Version
	syntax-error	lt	1.1.1

References

www-01.ibm.com/support/docview.wss?uid=swg21690815

exchange.xforce.ibmcloud.com/vulnerabilities/96728

github.com/advisories/GHSA-5726-g6r9-5f22

github.com/substack/node-browserify/blob/master/changelog.markdown#421

github.com/substack/node-syntax-error

github.com/substack/node-syntax-error/commit/9aa4e66eb90ec595d2dba55e6f9c2dd9a668b309

nvd.nist.gov/vuln/detail/CVE-2014-7192

www.npmjs.com/advisories/37

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.254 Low

EPSS

Percentile

96.6%

JSON

Related for OSV:GHSA-5726-G6R9-5F22