Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Arbitrary code execution when compiling specifically crafted malicious code

Critical
nicolo-ribaudo publishedGHSA-67hx-6x53-jw92Oct 12, 2023

Package

npm@babel/traverse (npm)

Affected versions

<= 7.23.0
8.0.0-alpha.0 - 8.0.0-alpha.3

Patched versions

7.23.2
8.0.0-alpha.4
npmbabel-traverse (npm)
*
None

Description

Impact

Using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on thepath.evaluate()orpath.evaluateTruthy() internal Babel methods.

Known affected plugins are:

  • @babel/plugin-transform-runtime
  • @babel/preset-env when using itsuseBuiltIns option
  • Any "polyfill provider" plugin that depends on@babel/helper-define-polyfill-provider, such asbabel-plugin-polyfill-corejs3,babel-plugin-polyfill-corejs2,babel-plugin-polyfill-es-shims,babel-plugin-polyfill-regenerator

No other plugins under the@babel/ namespace are impacted, but third-party plugins might be.

Users that only compile trusted code are not impacted.

Patches

The vulnerability has been fixed in@babel/traverse@7.23.2.

Babel 6 does not receive security fixes anymore (seeBabel's security policy), hence there is no patch planned forbabel-traverse@6.

Workarounds

  • Upgrade@babel/traverse to v7.23.2 or higher. You can do this by deleting it from your package manager's lockfile and re-installing the dependencies.@babel/core >=7.23.2 will automatically pull in a non-vulnerable version.
  • If you cannot upgrade@babel/traverse and are using one of the affected packages mentioned above, upgrade them to their latest version to avoid triggering the vulnerable code path in affected@babel/traverse versions:
    • @babel/plugin-transform-runtime v7.23.2
    • @babel/preset-env v7.23.2
    • @babel/helper-define-polyfill-provider v0.4.3
    • babel-plugin-polyfill-corejs2 v0.4.6
    • babel-plugin-polyfill-corejs3 v0.8.5
    • babel-plugin-polyfill-es-shims v0.10.0
    • babel-plugin-polyfill-regenerator v0.5.3

Credits

Thanks William Khem-Marquez for reporting the vulnerability.

Severity

Critical

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Local
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

CVSS v3 base metrics

Attack vector:More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity:More severe for the least complex attacks.
Privileges required:More severe if no privileges are required.
User interaction:More severe when no user interaction is required.
Scope:More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality:More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity:More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability:More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVE ID

CVE-2023-45133

Weaknesses

Credits

[8]ページ先頭
©2009-2025 Movatter.jp