GHSA-84cm-v6jp-gjmr

Опубликовано: 14 фев. 2020

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

OS command injection in git-diff-apply

In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2019-10776
https://github.com/kellyselden/git-diff-apply/commit/106d61d3ae723b4257c2a13e67b95eb40a27e0b5
https://snyk.io/vuln/SNYK-JS-GITDIFFAPPLY-540774
https://snyk.io/vuln/SNYK-JS-GITDIFFAPPLY-540774,

Пакеты

Наименование

git-diff-apply

npm

Затронутые версииВерсия исправления

<= 0.22.1

0.22.2

EPSS

Процентиль: 42%

0.00195

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2019-10776

Дефекты

CWE-78

Связанные уязвимости

CVE-2019-10776

CVSS3: 9.8

nvd

около 6 лет назад

In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2.

EPSS

Процентиль: 42%

0.00195

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2019-10776

Дефекты

CWE-78