In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsThere is no fixed version for props
.
props is an extract json/yaml from the beginning of text files
Affected versions of this package are vulnerable to Command Injection due to Unsafe Deserialization in props
module.
The module uses yaml-js.load()
function to load a YAML file without any validation/sanitization.
If an attacker can control the YAML file, it could run arbitrary JavaScript code on the victim machine.