CVE-2024-43373

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-43373
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43373.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-43373
Aliases
Published
2024-08-15T14:31:34Z
Modified
2025-10-15T13:08:25.933430Z
Severity
  • 7.7 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
Summary
webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle
Details

webcrack is a tool for reverse engineering JavaScript. An arbitrary file write vulnerability exists in the webcrack module when it processes specially crafted malicious code on Windows systems. The vulnerability is triggered when the unpack-bundles feature is used together with the save feature: if a module name contains a path traversal sequence built from Windows path separators, an attacker can use it to overwrite files on the host system. This allows an attacker to write arbitrary .js files to the host, which can be leveraged to hijack legitimate Node.js modules and gain arbitrary code execution. The vulnerability has been patched in version 2.14.1.

References

Affected packages

Git / github.com/j4k0xb/webcrack

Affected ranges

Type
GIT
Repo
https://github.com/j4k0xb/webcrack
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

v1.*

v1.0.0
v1.0.1
v1.1.0
v1.10.0
v1.11.0
v1.2.0
v1.3.0
v1.4.0
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.7.0
v1.8.0
v1.9.0
v1.9.1

v2.*

v2.0.0
v2.0.1
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.10.0
v2.11.0
v2.12.0
v2.12.1
v2.13.0
v2.14.0
v2.2.0
v2.3.0
v2.4.0
v2.5.0
v2.5.1
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.7.0
v2.8.0
v2.9.0
v2.9.1
