search

Dima2021 / juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
https://owasp-juice.shop
MIT License
0 stars 0 forks source link

marsdb-0.6.11.tgz: 1 vulnerabilities (highest severity is: 6.2) #184

Open mend-for-github-com[bot] opened 1 year ago

mend-for-github-com[bot] commented 1 year ago
Vulnerable Library - marsdb-0.6.11.tgz

MarsDB is a lightweight client-side MongoDB-like database, Promise based, written in ES6

Library home page: https://registry.npmjs.org/marsdb/-/marsdb-0.6.11.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/marsdb/package.json

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (marsdb version) Remediation Available
WS-2019-0309 Medium 6.2 marsdb-0.6.11.tgz Direct N/A

Details

WS-2019-0309 ### Vulnerable Library - marsdb-0.6.11.tgz

MarsDB is a lightweight client-side MongoDB-like database, Promise based, written in ES6

Library home page: https://registry.npmjs.org/marsdb/-/marsdb-0.6.11.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/marsdb/package.json

Dependency Hierarchy: - :x: **marsdb-0.6.11.tgz** (Vulnerable Library)

Found in base branch: master

### Vulnerability Details

There is a Command Injection vulnerability found in all versions of marsdb. Attacker my run arbitrary command when function is executed.

Publish Date: 2019-12-01

URL: WS-2019-0309

### CVSS 3 Score Details (6.2)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None

For more information on CVSS3 Scores, click here.