updated names
parent
f9982cf3b6
commit
a5d22b8684
|
@ -1,7 +1,7 @@
|
|||
id: express-lfr
|
||||
|
||||
info:
|
||||
name: Express LFR
|
||||
name: Express - Local File Read
|
||||
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
|
||||
severity: info
|
||||
description: Untrusted user input in express render() function can result in arbitrary file read if hbs templating is used.
|
||||
|
|
|
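Review bot: `severity: info` in the unchanged lines of this hunk sits oddly beside a description that says the issue "can result in arbitrary file read". Since the commit is already revising the info block, either raise the severity or add a sentence to the description saying that a match is only a lead for manual review, if that is why it is rated info. The `id: express-lfr` also keeps the abbreviation that the new name spells out, which is fine for stability but worth a conscious decision.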
@ -1,7 +1,7 @@
|
|||
id: generic-path-traversal
|
||||
|
||||
info:
|
||||
name: Generic Path Traversal
|
||||
name: Generic - Path Traversal
|
||||
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
|
||||
severity: info
|
||||
description: Untrusted user input in readFile()/readFileSync() can endup in Directory Traversal Attacks.
|
||||
|
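Review bot: the description line in this hunk still reads "can endup in Directory Traversal Attacks". The commit is a wording pass over the info block, so fix "endup" to "end up" here as well and lower-case "Directory Traversal Attacks" to match the style of the other descriptions.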
@ -18,4 +18,4 @@ file:
|
|||
- "[^\\.]*\\.readFile\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
|
||||
- "[^\\.]*\\.readFileSync\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
|
||||
- "[^\\.]*\\.readFileAsync\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
|
||||
condition: or
|
||||
condition: or
|
|
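Review bot: the three matchers in the context lines all require a literal `<` after the comma and a literal `>` before the closing arguments (`\\, <[\\s\\S]*?\\> `), so an ordinary two-argument call such as `fs.readFile(userPath, cb)` will not match. That looks like a placeholder left over from another rule format; please confirm what the regex is meant to catch and drop the angle brackets if they are not intended. Separately, the only changed line here is `condition: or`, shown removed and re-added with no visible difference. If that is an end-of-file newline change, mention it in the commit message, which currently says only "updated names".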
@ -1,7 +1,7 @@
|
|||
id: tar-path-overwrite
|
||||
id: tar-extraction
|
||||
|
||||
info:
|
||||
name: Tar Path Overwrite
|
||||
name: Path Injection Vulnerability in TAR Extraction
|
||||
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
|
||||
severity: info
|
||||
description: Insecure TAR archive extraction can result in arbitrary path over write and can result in code injection.
|
||||
|
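Review bot: the `id` changes from `tar-path-overwrite` to `tar-extraction` in this hunk, which is more than the "updated names" the commit message describes. Anything that selects or excludes this template by id will silently stop matching, so either keep the old id or call the rename out in the commit message. The new name, "Path Injection Vulnerability in TAR Extraction", also departs from the "Subject - Issue" form used for the other two templates in this commit ("Express - Local File Read", "Generic - Path Traversal"), and the description still has "over write" as two words.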
@ -18,4 +18,4 @@ file:
|
|||
- "[\\w\\W]+?\\.createWriteStream\\([\\w\\W]*?\\, [\\w\\W]*?\\)"
|
||||
- "[\\w\\W]+?\\.writeFile\\([\\w\\W]*?\\, [\\w\\W]*?\\)"
|
||||
- "[\\w\\W]+?\\.writeFileSync\\([\\w\\W]*?\\, [\\w\\W]*?\\)"
|
||||
condition: or
|
||||
condition: or
|
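Review bot: none of the three matchers in the context lines mentions tar. They fire on any `createWriteStream`, `writeFile` or `writeFileSync` call that has a comma followed by a space in its arguments, so the new name "Path Injection Vulnerability in TAR Extraction" promises more than the rule detects. Consider requiring a tar-related token in the same file, or naming the template after what it actually matches. The leading `[\\w\\W]+?` also lets each match start at the top of the file and span lines, which makes the reported match noisy and the scan slower than it needs to be. As in the earlier matcher hunk, `condition: or` is shown removed and re-added with no visible change.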