CVE-2019-10791

Опубликовано: 18 фев. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization.

Ссылки

https://github.com/dottgonzo/node-promise-probe/commit/0d9affb67fc1ad985903536d35372cf55efe5a45%2C
https://snyk.io/vuln/SNYK-JS-PROMISEPROBE-546816
Exploit
Patch
Third Party Advisory
https://github.com/dottgonzo/node-promise-probe/commit/0d9affb67fc1ad985903536d35372cf55efe5a45%2C
https://snyk.io/vuln/SNYK-JS-PROMISEPROBE-546816
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:promise-probe_project:promise-probe:*:*:*:*:*:node.js:*:*

Версия до 0.10.0 (исключая)

EPSS

Процентиль: 87%

0.03343

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-vmqq-7qvx-68qx