updated names

patch-1
Prince Chaddha 2023-07-02 23:10:27 +05:30
parent f9982cf3b6
commit a5d22b8684
3 changed files with 6 additions and 6 deletions

View File

@ -1,7 +1,7 @@
id: express-lfr
info:
name: Express LFR
name: Express - Local File Read
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info
description: Untrusted user input in express render() function can result in arbitrary file read if hbs templating is used.

View File

@ -1,7 +1,7 @@
id: generic-path-traversal
info:
name: Generic Path Traversal
name: Generic - Path Traversal
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info
description: Untrusted user input in readFile()/readFileSync() can endup in Directory Traversal Attacks.
@ -18,4 +18,4 @@ file:
- "[^\\.]*\\.readFile\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
- "[^\\.]*\\.readFileSync\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
- "[^\\.]*\\.readFileAsync\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
condition: or
condition: or

View File

@ -1,7 +1,7 @@
id: tar-path-overwrite
id: tar-extraction
info:
name: Tar Path Overwrite
name: Path Injection Vulnerability in TAR Extraction
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info
description: Insecure TAR archive extraction can result in arbitrary path over write and can result in code injection.
@ -18,4 +18,4 @@ file:
- "[\\w\\W]+?\\.createWriteStream\\([\\w\\W]*?\\, [\\w\\W]*?\\)"
- "[\\w\\W]+?\\.writeFile\\([\\w\\W]*?\\, [\\w\\W]*?\\)"
- "[\\w\\W]+?\\.writeFileSync\\([\\w\\W]*?\\, [\\w\\W]*?\\)"
condition: or
condition: or