GHSA-chj3-f7xw-367m

Опубликовано: 11 июн. 2022

Источник: github

Github: Прошло ревью

CVSS3: 7.2

Описание

OS Command Injection in git-promise

All versions of package git-promise is vulnerable to Command Injection due to an inappropriate fix of a prior vulnerability in this package. Note: Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue.

Credits

@lirantal for discovering this vulnerability.

Ссылки

Пакеты

Наименование

git-promise

npm

Затронутые версииВерсия исправления

<= 1.0.0

Отсутствует

EPSS

Процентиль: 85%

0.02518

Низкий

7.2 High

CVSS3

CVE ID

CVE-2022-24376

Дефекты

CWE-77

CWE-88

Связанные уязвимости

CVE-2022-24376

CVSS3: 7.2

nvd

больше 3 лет назад

All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package. **Note:** Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue.

EPSS

Процентиль: 85%

0.02518

Низкий

7.2 High

CVSS3

CVE ID

CVE-2022-24376

Дефекты

CWE-77

CWE-88