webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle

Severity:: Medium

Description

An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving feature.

Recommendation

Update the webcrack package to the latest compatible version. Followings are version details:

Affected version(s): <= 2.14.0
Patched version(s): 2.14.1

References

GHSA-ccqh-278p-xq6w
CVE-2024-43373
CWE-20
CWE-22
CAPEC-310
OWASP 2021-A1
OWASP 2021-A3
OWASP 2021-A6

Related Issues

VvvebJs Arbitrary File Upload vulnerability - CVE-2024-29272
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF - CVE-2024-4367
Bun has an Application-level Prototype Pollution vulnerability in the runtime native API for Glo - CVE-2024-21548
Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID) - CVE-2024-56334

Tags:: npm; webcrack

Anything's wrong? Let us know Last updated on November 18, 2024