Описание
fsa through 0.5.1 is vulnerable to Command Injection. The first argument of 'execGitCommand()', located within 'lib/rep.js#63' can be controlled by users without any sanitization to inject arbitrary commands.
Ссылки
- PatchThird Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.5.1 (включая)
cpe:2.3:a:fsa_project:fsa:*:*:*:*:*:*:*:*
EPSS
Процентиль: 64%
0.00477
Низкий
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-78
Связанные уязвимости
EPSS
Процентиль: 64%
0.00477
Низкий
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-78