Описание
Withdrawn Advisory: OS Command Injection in effect
Withdrawn Advisory
This advisory has been withdrawn because the npm package effect, for which alerts were issued, does not correspond with https://github.com/Javascipt/effect, the repository with the vulnerable code. https://github.com/Javascipt/effect is not in any supported ecosystem.
Additionally, the CVE Numbering Authority that issued the CVE for CVE-2020-7624 has updated their advisory stating that "This was deemed not a vulnerability."
Original Description
effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument.
Пакеты
Наименование
effect
npm
Затронутые версииВерсия исправления
<= 1.0.4
Отсутствует
Связанные уязвимости
CVSS3: 9.8
nvd
почти 6 лет назад
effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument.