GHSA-53xj-v576-3ch2

Опубликовано: 13 апр. 2021

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

OS Command Injection in giting

giting version prior to 0.0.8 allows execution of arbritary commands. The first argument repo of function pull() is executed by the package without any validation.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2019-10802
https://snyk.io/vuln/SNYK-JS-GITING-559008
https://web.archive.org/web/20201208120654/https://github.com/MangoRaft/git/commit/9be41081f547d3dcef25e7d7c957bc2a3be2dfe0

Пакеты

Наименование

giting

npm

Затронутые версииВерсия исправления

<= 0.0.8

Отсутствует

EPSS

Процентиль: 70%

0.00646

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2019-10802

Дефекты

CWE-78

Связанные уязвимости

CVE-2019-10802

CVSS3: 9.8

nvd

почти 6 лет назад

giting version prior to 0.0.8 allows execution of arbritary commands. The first argument "repo" of function "pull()" is executed by the package without any validation.

EPSS

Процентиль: 70%

0.00646

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2019-10802

Дефекты

CWE-78