luisillobret2 / hackthecat
License: Other
Embedded JavaScript templates
Library home page: https://registry.npmjs.org/ejs/-/ejs-3.1.6.tgz
Path to dependency file: /web/package.json
Path to vulnerable library: /web/node_modules/ejs/package.json
Found in HEAD commit: 3ef99769403f1d861850400e94786191c7fb5469
CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (ejs version) | Remediation Possible** | Reachability |
---|---|---|---|---|---|---|---|---|---|
CVE-2022-29078 | Critical | 9.3 | Not Defined | 28.7% | ejs-3.1.6.tgz | Direct | 3.1.7 | | |
CVE-2024-33883 | High | 8.7 | Not Defined | 0.0% | ejs-3.1.6.tgz | Direct | ejs - 3.1.10 | | |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Embedded JavaScript templates
Library home page: https://registry.npmjs.org/ejs/-/ejs-3.1.6.tgz
Path to dependency file: /web/package.json
Path to vulnerable library: /web/node_modules/ejs/package.json
Dependency Hierarchy:
Found in HEAD commit: 3ef99769403f1d861850400e94786191c7fb5469
Found in base branch: main
The vulnerable code is unreachable
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
Publish Date: 2022-04-25
URL: CVE-2022-29078
Exploit Maturity: Not Defined
EPSS: 28.7%
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29078~
Release Date: 2022-04-25
Fix Resolution: 3.1.7
In order to enable automatic remediation, please create workflow rules
Embedded JavaScript templates
Library home page: https://registry.npmjs.org/ejs/-/ejs-3.1.6.tgz
Path to dependency file: /web/package.json
Path to vulnerable library: /web/node_modules/ejs/package.json
Dependency Hierarchy:
Found in HEAD commit: 3ef99769403f1d861850400e94786191c7fb5469
Found in base branch: main
The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.
Publish Date: 2024-04-28
URL: CVE-2024-33883
Exploit Maturity: Not Defined
EPSS: 0.0%
Base Score Metrics:
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-33883
Release Date: 2024-04-28
Fix Resolution: ejs - 3.1.10
Simple express file upload middleware that wraps around Busboy
Library home page: https://registry.npmjs.org/express-fileupload/-/express-fileupload-1.3.1.tgz
Path to dependency file: /web/package.json
Path to vulnerable library: /web/node_modules/express-fileupload/package.json
Found in HEAD commit: 3ef99769403f1d861850400e94786191c7fb5469
CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (express-fileupload version) | Remediation Possible** | Reachability |
---|---|---|---|---|---|---|---|---|---|
CVE-2022-27140 | Critical | 9.2 | Not Defined | 0.5% | express-fileupload-1.3.1.tgz | Direct | N/A | | |
CVE-2022-27261 | High | 8.7 | Not Defined | 0.1% | express-fileupload-1.3.1.tgz | Direct | N/A | | |
CVE-2022-24434 | High | 8.7 | Not Defined | 0.2% | dicer-0.3.0.tgz | Transitive | N/A* | | |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Simple express file upload middleware that wraps around Busboy
Library home page: https://registry.npmjs.org/express-fileupload/-/express-fileupload-1.3.1.tgz
Path to dependency file: /web/package.json
Path to vulnerable library: /web/node_modules/express-fileupload/package.json
Dependency Hierarchy:
Found in HEAD commit: 3ef99769403f1d861850400e94786191c7fb5469
Found in base branch: main
This vulnerability is potentially reachable
hackthecat-0.0.1/app.js (Application)
-> express-fileupload-1.3.1/lib/index.js (Vulnerable Component)
An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload middleware is not responsible for an application's business logic (e.g., determining whether or how a file should be renamed).
Publish Date: 2022-04-12
URL: CVE-2022-27140
Exploit Maturity: Not Defined
EPSS: 0.5%
Base Score Metrics:
Simple express file upload middleware that wraps around Busboy
Library home page: https://registry.npmjs.org/express-fileupload/-/express-fileupload-1.3.1.tgz
Path to dependency file: /web/package.json
Path to vulnerable library: /web/node_modules/express-fileupload/package.json
Dependency Hierarchy:
Found in HEAD commit: 3ef99769403f1d861850400e94786191c7fb5469
Found in base branch: main
This vulnerability is potentially reachable
hackthecat-0.0.1/app.js (Application)
-> express-fileupload-1.3.1/lib/index.js (Extension)
-> express-fileupload-1.3.1/lib/processMultipart.js (Extension)
-> express-fileupload-1.3.1/lib/memHandler.js (Vulnerable Component)
An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server.
Publish Date: 2022-04-12
URL: CVE-2022-27261
Exploit Maturity: Not Defined
EPSS: 0.1%
Base Score Metrics:
A very fast streaming multipart parser for node.js
Library home page: https://registry.npmjs.org/dicer/-/dicer-0.3.0.tgz
Path to dependency file: /web/package.json
Path to vulnerable library: /web/node_modules/dicer/package.json
Dependency Hierarchy:
Found in HEAD commit: 3ef99769403f1d861850400e94786191c7fb5469
Found in base branch: main
This vulnerability is potentially reachable
hackthecat-0.0.1/app.js (Application)
-> express-fileupload-1.3.1/lib/index.js (Extension)
-> busboy-0.3.1/lib/main.js (Extension)
-> busboy-0.3.1/lib/types/multipart.js (Extension)
-> dicer-0.3.0/lib/Dicer.js (Extension)
-> dicer-0.3.0/lib/HeaderParser.js (Vulnerable Component)
This affects all versions of package dicer. A malicious attacker can send a modified form to the server and crash the Node.js service. An attacker could send the payload again and again so that the service continuously crashes.
Publish Date: 2022-05-20
URL: CVE-2022-24434
Exploit Maturity: Not Defined
EPSS: 0.2%
Base Score Metrics:
fast mysql driver. Implements core protocol, prepared statements, ssl and compression in native JS
Library home page: https://registry.npmjs.org/mysql2/-/mysql2-2.3.3.tgz
Path to dependency file: /web/package.json
Path to vulnerable library: /web/node_modules/mysql2/package.json
Found in HEAD commit: 3ef99769403f1d861850400e94786191c7fb5469
CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (mysql2 version) | Remediation Possible** | Reachability |
---|---|---|---|---|---|---|---|---|---|
CVE-2024-21511 | Critical | 9.3 | Not Defined | 0.0% | mysql2-2.3.3.tgz | Direct | 3.9.7 | | |
CVE-2024-21508 | Critical | 9.3 | Not Defined | 0.0% | mysql2-2.3.3.tgz | Direct | 3.9.4 | | |
CVE-2024-21509 | Medium | 6.9 | Not Defined | 0.0% | mysql2-2.3.3.tgz | Direct | 3.9.4 | | |
CVE-2024-21507 | Medium | 6.9 | Not Defined | 0.0% | mysql2-2.3.3.tgz | Direct | 3.9.3 | | |
CVE-2024-21512 | High | 8.8 | Not Defined | 0.0% | mysql2-2.3.3.tgz | Direct | 3.9.8 | | |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
fast mysql driver. Implements core protocol, prepared statements, ssl and compression in native JS
Library home page: https://registry.npmjs.org/mysql2/-/mysql2-2.3.3.tgz
Path to dependency file: /web/package.json
Path to vulnerable library: /web/node_modules/mysql2/package.json
Dependency Hierarchy:
Found in HEAD commit: 3ef99769403f1d861850400e94786191c7fb5469
Found in base branch: main
This vulnerability is potentially reachable
hackthecat-0.0.1/services/connectionService.js (Application)
-> mysql2-2.3.3/index.js (Extension)
-> mysql2-2.3.3/lib/connection.js (Extension)
-> mysql2-2.3.3/lib/commands/index.js (Extension)
-> mysql2-2.3.3/lib/commands/query.js (Extension)
-> mysql2-2.3.3/lib/parsers/text_parser.js (Vulnerable Component)
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
Publish Date: 2024-04-23
URL: CVE-2024-21511
Exploit Maturity: Not Defined
EPSS: 0.0%
Base Score Metrics:
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-21511
Release Date: 2024-04-23
Fix Resolution: 3.9.7
fast mysql driver. Implements core protocol, prepared statements, ssl and compression in native JS
Library home page: https://registry.npmjs.org/mysql2/-/mysql2-2.3.3.tgz
Path to dependency file: /web/package.json
Path to vulnerable library: /web/node_modules/mysql2/package.json
Dependency Hierarchy:
Found in HEAD commit: 3ef99769403f1d861850400e94786191c7fb5469
Found in base branch: main
This vulnerability is potentially reachable
hackthecat-0.0.1/services/connectionService.js (Application)
-> mysql2-2.3.3/index.js (Extension)
-> mysql2-2.3.3/lib/connection.js (Extension)
-> mysql2-2.3.3/lib/commands/index.js (Extension)
-> mysql2-2.3.3/lib/commands/execute.js (Extension)
-> mysql2-2.3.3/lib/parsers/binary_parser.js (Vulnerable Component)
Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.
Publish Date: 2024-04-11
URL: CVE-2024-21508
Exploit Maturity: Not Defined
EPSS: 0.0%
Base Score Metrics:
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-21508
Release Date: 2024-04-11
Fix Resolution: 3.9.4
fast mysql driver. Implements core protocol, prepared statements, ssl and compression in native JS
Library home page: https://registry.npmjs.org/mysql2/-/mysql2-2.3.3.tgz
Path to dependency file: /web/package.json
Path to vulnerable library: /web/node_modules/mysql2/package.json
Dependency Hierarchy:
Found in HEAD commit: 3ef99769403f1d861850400e94786191c7fb5469
Found in base branch: main
This vulnerability is potentially reachable
hackthecat-0.0.1/services/connectionService.js (Application)
-> mysql2-2.3.3/index.js (Extension)
-> mysql2-2.3.3/lib/connection.js (Extension)
-> mysql2-2.3.3/lib/commands/index.js (Extension)
-> mysql2-2.3.3/lib/commands/execute.js (Extension)
-> mysql2-2.3.3/lib/parsers/binary_parser.js (Vulnerable Component)
Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.
Publish Date: 2024-04-10
URL: CVE-2024-21509
Exploit Maturity: Not Defined
EPSS: 0.0%
Base Score Metrics:
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-21509
Release Date: 2024-04-10
Fix Resolution: 3.9.4
fast mysql driver. Implements core protocol, prepared statements, ssl and compression in native JS
Library home page: https://registry.npmjs.org/mysql2/-/mysql2-2.3.3.tgz
Path to dependency file: /web/package.json
Path to vulnerable library: /web/node_modules/mysql2/package.json
Dependency Hierarchy:
Found in HEAD commit: 3ef99769403f1d861850400e94786191c7fb5469
Found in base branch: main
This vulnerability is potentially reachable
hackthecat-0.0.1/services/connectionService.js (Application)
-> mysql2-2.3.3/index.js (Extension)
-> mysql2-2.3.3/lib/parsers/parser_cache.js (Vulnerable Component)
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.
Publish Date: 2024-04-10
URL: CVE-2024-21507
Exploit Maturity: Not Defined
EPSS: 0.0%
Base Score Metrics:
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-21507
Release Date: 2024-04-10
Fix Resolution: 3.9.3
fast mysql driver. Implements core protocol, prepared statements, ssl and compression in native JS
Library home page: https://registry.npmjs.org/mysql2/-/mysql2-2.3.3.tgz
Path to dependency file: /web/package.json
Path to vulnerable library: /web/node_modules/mysql2/package.json
Dependency Hierarchy:
Found in HEAD commit: 3ef99769403f1d861850400e94786191c7fb5469
Found in base branch: main
Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.
Publish Date: 2024-05-29
URL: CVE-2024-21512
Exploit Maturity: Not Defined
EPSS: 0.0%
Base Score Metrics:
Type: Upgrade version
Release Date: 2024-05-29
Fix Resolution: 3.9.8
A clean, whitespace-sensitive template language for writing HTML
Library home page: https://registry.npmjs.org/pug/-/pug-2.0.4.tgz
Path to dependency file: /web/package.json
Path to vulnerable library: /web/node_modules/pug/package.json
Found in HEAD commit: 3ef99769403f1d861850400e94786191c7fb5469
CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (pug version) | Remediation Possible** | Reachability |
---|---|---|---|---|---|---|---|---|---|
CVE-2021-21353 | Critical | 9.5 | Not Defined | 4.1% | pug-2.0.4.tgz | Direct | 3.0.0-canary-1 | | |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
A clean, whitespace-sensitive template language for writing HTML
Library home page: https://registry.npmjs.org/pug/-/pug-2.0.4.tgz
Path to dependency file: /web/package.json
Path to vulnerable library: /web/node_modules/pug/package.json
Dependency Hierarchy:
Found in HEAD commit: 3ef99769403f1d861850400e94786191c7fb5469
Found in base branch: main
This vulnerability is potentially reachable
hackthecat-0.0.1/routes/homeRoutes.js (Application)
-> pug-2.0.4/lib/index.js (Vulnerable Component)
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on the node.js backend. This is fixed in version 3.0.1. This advisory applies to multiple pug packages including "pug", "pug-code-gen". pug-code-gen has a backported fix at version 2.0.3. This advisory is not exploitable if there is no way for un-trusted input to be passed to pug as the pretty option, e.g. if you compile templates in advance before applying user input to them, you do not need to upgrade.
Publish Date: 2021-03-03
URL: CVE-2021-21353
Exploit Maturity: Not Defined
EPSS: 4.1%
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-p493-635q-r6gr
Release Date: 2021-03-03
Fix Resolution: 3.0.0-canary-1
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
dotenv, ejs, express, express-fileupload, express-session
docker-compose.yaml
db/Dockerfile
web/Dockerfile
.github/workflows/codeql.yml
actions/checkout v3
github/codeql-action v2
github/codeql-action v2
github/codeql-action v2
web/package.json
cookie-parser ^1.4.6
cors ^2.8.5
dotenv ^16.0.0
ejs ^3.1.6
express ^4.17.2
express-fileupload ^1.3.1
express-session ^1.17.2
morgan ^1.10.0
mysql2 ^2.3.3
node-serialize 0.0.4
pug 2.0.4
Serialize a object including it's function into a JSON.
Library home page: https://registry.npmjs.org/node-serialize/-/node-serialize-0.0.4.tgz
Path to dependency file: /web/package.json
Path to vulnerable library: /web/node_modules/node-serialize/package.json
Found in HEAD commit: 3ef99769403f1d861850400e94786191c7fb5469
CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (node-serialize version) | Remediation Possible** | Reachability |
---|---|---|---|---|---|---|---|---|---|
CVE-2017-5941 | Critical | 9.3 | Not Defined | 4.1% | node-serialize-0.0.4.tgz | Direct | N/A | | |
CVE-2017-16004 | High | 8.1 | Not Defined | | node-serialize-0.0.4.tgz | Direct | N/A | | |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Serialize a object including it's function into a JSON.
Library home page: https://registry.npmjs.org/node-serialize/-/node-serialize-0.0.4.tgz
Path to dependency file: /web/package.json
Path to vulnerable library: /web/node_modules/node-serialize/package.json
Dependency Hierarchy:
Found in HEAD commit: 3ef99769403f1d861850400e94786191c7fb5469
Found in base branch: main
This vulnerability is potentially reachable
hackthecat-0.0.1/routes/adminRoutes.js (Application)
-> node-serialize-0.0.4/lib/serialize.js (Vulnerable Component)
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).
Publish Date: 2017-02-09
URL: CVE-2017-5941
Exploit Maturity: Not Defined
EPSS: 4.1%
Base Score Metrics:
Serialize a object including it's function into a JSON.
Library home page: https://registry.npmjs.org/node-serialize/-/node-serialize-0.0.4.tgz
Path to dependency file: /web/package.json
Path to vulnerable library: /web/node_modules/node-serialize/package.json
Dependency Hierarchy:
Found in HEAD commit: 3ef99769403f1d861850400e94786191c7fb5469
Found in base branch: main
This vulnerability is potentially reachable
hackthecat-0.0.1/routes/adminRoutes.js (Application)
-> node-serialize-0.0.4/lib/serialize.js (Vulnerable Component)
All versions of node-serialize can be abused to execute arbitrary code via an immediately invoked function expression.
Publish Date: 2019-07-11
URL: CVE-2017-16004
Exploit Maturity: Not Defined
EPSS:
Base Score Metrics:
Fast, unopinionated, minimalist web framework
Library home page: https://registry.npmjs.org/express/-/express-4.17.3.tgz
Path to dependency file: /web/package.json
Path to vulnerable library: /web/node_modules/express/package.json
Found in HEAD commit: 3ef99769403f1d861850400e94786191c7fb5469
CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (express version) | Remediation Possible** | Reachability |
---|---|---|---|---|---|---|---|---|---|
CVE-2024-29041 | Medium | 5.3 | Not Defined | 0.0% | express-4.17.3.tgz | Direct | 4.19.0 | | |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Fast, unopinionated, minimalist web framework
Library home page: https://registry.npmjs.org/express/-/express-4.17.3.tgz
Path to dependency file: /web/package.json
Path to vulnerable library: /web/node_modules/express/package.json
Dependency Hierarchy:
Found in HEAD commit: 3ef99769403f1d861850400e94786191c7fb5469
Found in base branch: main
This vulnerability is potentially reachable
hackthecat-0.0.1/routes/contactMessageRoutes.js (Application)
-> express-4.17.3/index.js (Extension)
-> express-4.17.3/lib/express.js (Extension)
-> express-4.17.3/lib/response.js (Vulnerable Component)
Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode using encodeurl on the contents before passing it to the location header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is res.location() but this is also called from within res.redirect(). The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.
Publish Date: 2024-03-25
URL: CVE-2024-29041
Exploit Maturity: Not Defined
EPSS: 0.0%
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-rv95-896h-c2vc
Release Date: 2024-03-25
Fix Resolution: 4.19.0