webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle
- Severity:
- Medium
Description
An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving feature.
Recommendation
Update the webcrack package to the latest compatible version. Followings are version details:
- Affected version(s): <= 2.14.0
- Patched version(s): 2.14.1
References
Related Issues
- The Thinbus Javascript Secure Remote Password (SRP) Client Generates Fewer Bits of Entropy Than Intended - CVE-2025-54885
- Redwood is vulnerable to account takeover via dbAuth "forgot-password - Vulnerability
- Parse Server before v3.4.1 vulnerable to Denial of Service - CVE-2019-1020012
- Incorrect default cookie name and recommendation - Vulnerability
- Tags:
- npm
- webcrack
Anything's wrong? Let us know Last updated on November 18, 2024