Описание
fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on child_process.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec.
Ссылки
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.1 (включая)
cpe:2.3:a:fs-git_project:fs-git:*:*:*:*:*:*:*:*
EPSS
Процентиль: 62%
0.00422
Низкий
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
EPSS
Процентиль: 62%
0.00422
Низкий
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
NVD-CWE-noinfo