CVE-2016-10541

Опубликовано: 31 мая 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ">" and "<" operator used for redirection in shell. Applications that depend on shell-quote may also be vulnerable. A malicious user could perform code injection.

Ссылки

https://github.com/advisories/GHSA-qg8p-v9q4-gh34
Exploit
Third Party Advisory
https://nodesecurity.io/advisories/117
Third Party Advisory
https://github.com/advisories/GHSA-qg8p-v9q4-gh34
Exploit
Third Party Advisory
https://nodesecurity.io/advisories/117
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:shell-quote_project:shell-quote:*:*:*:*:*:node.js:*:*

Версия до 1.6.1 (исключая)

EPSS

Процентиль: 60%

0.00397

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78

CWE-94

Связанные уязвимости

CVE-2016-10541

CVSS3: 9.8

ubuntu

больше 7 лет назад

CVE-2016-10541

CVSS3: 8.4

redhat

больше 9 лет назад

CVE-2016-10541

CVSS3: 9.8

debian

больше 7 лет назад

The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ...

GHSA-qg8p-v9q4-gh34

CVSS3: 9.8

github

почти 7 лет назад

Potential Command Injection in shell-quote

EPSS

Процентиль: 60%

0.00397

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78

CWE-94