Home > Vulnerability Database > CVE-2024-43373

Mend.io Vulnerability Database

CVE-2024-43373

Good to know:

Date: August 15, 2024

webcrack is a tool for reverse engineering javascript. An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving feature. If a module name includes a path traversal sequence with Windows path separators, an attacker can exploit this to overwrite files on the host system. This vulnerability allows an attacker to write arbitrary `.js` files to the host system, which can be leveraged to hijack legitimate Node.js modules to gain arbitrary code execution. This vulnerability has been patched in version 2.14.1.

Language: C++

Severity Score

7.7

Related Resources (6)

Url: https://github.com/j4k0xb/webcrack/commit/4bc5c6f353012ee7edc2cb39d01a728ab7426999

Url: https://github.com/j4k0xb/webcrack/security/advisories/GHSA-ccqh-278p-xq6w

Url: https://github.com/j4k0xb/webcrack

Url: https://github.com/j4k0xb/webcrack/blob/241f9469e6401f3dabc6373233d85a5e76966b54/packages/webcrack/src/unpack/bundle.ts#L79

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-43373

Url: https://www.mend.io/vulnerability-database/CVE-2024-43373

Severity Score

7.7

Weakness Type (CWE)

Input Validation

CWE-20

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version webcrack - 2.14.1

Learn More

CVSS v3.1

Base Score:	7.7
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	HIGH
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-43373

Good to know:

Date: August 15, 2024

Language: C++

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?