CVE-2019-10803

Опубликовано: 28 фев. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable "opt.branch" is not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands.

Ссылки

https://github.com/L33T-KR3W/push-dir/blob/master/index.js#L139
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-PUSHDIR-559009
Exploit
Third Party Advisory
https://github.com/L33T-KR3W/push-dir/blob/master/index.js#L139
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-PUSHDIR-559009
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:push-dir_project:push-dir:*:*:*:*:*:node.js:*:*

Версия до 0.4.1 (включая)

EPSS

Процентиль: 68%

0.00578

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-926x-m6m5-3mmp