GHSA-8cxp-cjm8-fj36

Опубликовано: 24 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Improper Neutralization of Special Elements used in an OS Command in Blamer

Blamer versions prior to 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2019-10807
https://github.com/kucherenko/blamer/commit/5fada8c9b6986ecd28942b724fa682e77ce1e11c
https://snyk.io/vuln/SNYK-JS-BLAMER-559541

Пакеты

Наименование

blamer

npm

Затронутые версииВерсия исправления

< 1.0.1

1.0.1

EPSS

Процентиль: 68%

0.00578

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2019-10807

Дефекты

CWE-78

Связанные уязвимости

CVE-2019-10807

CVSS3: 9.8

nvd

почти 6 лет назад

Blamer versions prior to 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer.

EPSS

Процентиль: 68%

0.00578

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2019-10807

Дефекты

CWE-78