Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-XF27-JQWV-GF3R
HistorySep 11, 2019 - 11:03 p.m.

Unintended Require in larvitbase-api

2019-09-1123:03:57
Google
osv.dev
7

0.001 Low

EPSS

Percentile

42.0%

JSON

Versions of larvitbase-api prior to 0.5.4 are vulnerable to an Unintended Require. The package exposes an API endpoint and passes a GET parameter unsanitized to an require() call. This allows attackers to execute any .js file in the same folder as the server is running.

Recommendation

Upgrade to version 0.5.4 or later.

CPENameOperatorVersion
larvitbase-apilt0.5.5

Related

nvd 1
hackerone 1
prion 1
githubexploit 1
cvelist 1
github 1
cve 1
veracode 1
nvd
nvd
CVE-2019-5479
2019-09-03 20:15:11
hackerone
hackerone
Node.js third-party modules: [larvitbase-api] Unintended Require
2019-05-04 10:15:45
prion
prion
Code injection
2019-09-03 20:15:00
githubexploit
githubexploit
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Larvit Larvitbase
2020-12-01 09:18:58
cvelist
cvelist
CVE-2019-5479
2019-09-03 19:15:47
github
github
Unintended Require in larvitbase-api
2019-09-11 23:03:57
cve
cve
CVE-2019-5479
2019-09-03 20:15:11
veracode
veracode
Local File Inclusion
2019-08-30 03:13:36

0.001 Low

EPSS

Percentile

42.0%

JSON
Related for OSV:GHSA-XF27-JQWV-GF3R
nvd1hackerone1prion1githubexploit1cvelist1github1cve1veracode1