CVE-2024-45390

@blakeembrey/template is a string template library. Prior to version 1.2.0, it is possible to inject and run code within the template if the attacker has access to write the template name. Version 1.2.0 contains a patch. As a workaround, don't pass untrusted input as the template display name, or don't use the display name feature.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/blakeembrey/js-template/commit/b8d9aa999e464816c6cfb14acd1ad0f5d1e335aa	Patch
https://github.com/blakeembrey/js-template/security/advisories/GHSA-q765-wm9j-66qj	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:blakeembrey:template:*:*:*:*:*:node.js:*:*

History

No history.

Information

Published : 2024-09-03 20:15

Updated : 2024-09-12 20:15

NVD link : CVE-2024-45390

Mitre link : CVE-2024-45390

CVE.ORG link : CVE-2024-45390

JSON object : View

Products Affected

blakeembrey

template

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2024-45390", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-09-03T20:15:08.423", "references": [{"url": "https://github.com/blakeembrey/js-template/commit/b8d9aa999e464816c6cfb14acd1ad0f5d1e335aa", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/blakeembrey/js-template/security/advisories/GHSA-q765-wm9j-66qj", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-94"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "@blakeembrey/template is a string template library. Prior to version 1.2.0, it is possible to inject and run code within the template if the attacker has access to write the template name. Version 1.2.0 contains a patch. As a workaround, don't pass untrusted input as the template display name, or don't use the display name feature."}, {"lang": "es", "value": "@blakeembrey/template es una librer\u00eda de plantillas de cadenas. Antes de la versi\u00f3n 1.2.0, era posible inyectar y ejecutar c\u00f3digo dentro de la plantilla si el atacante ten\u00eda acceso para escribir el nombre de la plantilla. La versi\u00f3n 1.2.0 contiene un parche. Como workaround, no pase una entrada que no sea de confianza como nombre para mostrar de la plantilla o no use la funci\u00f3n de nombre para mostrar."}], "lastModified": "2024-09-12T20:15:15.673", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blakeembrey:template:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "2DEB203C-CE34-41AC-A98C-38B707AC7E8D", "versionEndExcluding": "1.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}