Steakenthusiast

**Name of the Vulnerable Software and Affected Versions** asteval versions prior to 1.0.6 **Description** The issue is rooted in how asteval performs handling of `FormattedValue` AST nodes, specifically the `on formattedvalue` value using the dangerous format method of the str class. This allows an attacker to manipulate the value of the string used in the dangerous call `fmt.format( fstring =val)`. The vulnerability can be exploited to access protected attributes by intentionally triggering an `AttributeError` exception, then catching the exception and using its `obj` attribute to gain arbitrary access to sensitive or protected object properties. **Recommendations** For versions prior to 1.0.6, update to version 1.0.6 to fix the issue. As a temporary workaround, consider restricting the input to the `asteval` library to prevent manipulation of the `FormattedValue` AST nodes. Additionally, avoid using the `on formattedvalue` function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** webcrack versions prior to 2.14.1 **Description** An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving feature. If a module name includes a path traversal sequence with Windows path separators, an attacker can exploit this to overwrite files on the host system. This vulnerability allows an attacker to write arbitrary `.js` files to the host system, which can be leveraged to hijack legitimate Node.js modules to gain arbitrary code execution. **Recommendations** For versions prior to 2.14.1, update to version 2.14.1 to resolve the issue. As a temporary workaround, consider disabling the unpack bundles feature and the saving feature until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using module names that include path traversal sequences with Windows path separators in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** javascript-deobfuscator versions prior to 1.1.0 **Description** The issue concerns crafted payloads that target expression simplification, potentially leading to code execution. This is related to the `expression simplification` feature. Users are advised to update to version 1.1.0 to resolve the issue. For users unable to upgrade, disabling the `expression simplification` feature is recommended as a temporary workaround. **Recommendations** For versions prior to 1.1.0, update to version 1.1.0 to resolve the issue. For users unable to upgrade to version 1.1.0, disable the `expression simplification` feature as a temporary workaround.

**Name of the Vulnerable Software and Affected Versions** pymatgen versions prior to 2024.2.20 **Description** A critical security issue exists in the `JonesFaithfulTransformation.from transformation str()` method within the `pymatgen` library. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. The vulnerability can be exploited when parsing a maliciously-created CIF file. **Recommendations** For pymatgen versions prior to 2024.2.20, update to version 2024.2.20 to resolve the issue. As a temporary workaround, consider avoiding the use of the `JonesFaithfulTransformation.from transformation str()` method until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Synchrony deobfuscator versions prior to 2.4.4 **Description** A ` proto ` pollution vulnerability exists in the `LiteralMap` transformer, allowing crafted input to modify properties in the Object prototype. Successful exploitation could lead to arbitrary code execution. The vulnerability is caused by defining a `parser` property on ` proto ` with a path to a JS module on disk, which can lead to arbitrary code execution when executing in Node.js. **Recommendations** For versions prior to 2.4.4, upgrade to `deobfuscator@2.4.4` to fix the issue. As a temporary workaround, consider launching node with the [--disable-proto=delete] or [--disable-proto=throw] flags to minimize the risk of exploitation. Restrict access to the `LiteralMap` transformer to prevent crafted input from modifying properties in the Object prototype. Avoid using the `parser` property on ` proto ` in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** @babel/traverse versions prior to 7.23.2 and 8.0.0-alpha.4 babel-traverse (all versions) **Description** The issue is related to the `path.evaluate()` or `path.evaluateTruthy()` internal Babel methods. Using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on these methods. Known affected plugins are `@babel/plugin-transform-runtime`, `@babel/preset-env` when using its `useBuiltIns` option, and any "polyfill provider" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. Users that only compile trusted code are not impacted. **Recommendations** - Upgrade `@babel/traverse` to v7.23.2 or higher. - If you cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above, upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: - `@babel/plugin-transform-runtime` v7.23.2 - `@babel/preset-env` v7.23.2 - `@babel/helper-define-polyfill-provider` v0.4.3 - `babel-plugin-polyfill-corejs2` v0.4.6 - `babel-plugin-polyfill-corejs3` v0.8.5 - `babel-plugin-polyfill-es-shims` v0.10.0 - `babel-plugin-polyfill-regenerator` v0.5.3