Описание
fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the copy, copySync, remove, and removeSync methods.
Ссылки
- PatchThird Party Advisory
- ExploitPatchThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- PatchThird Party Advisory
- ExploitPatchThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.0.25 (исключая)
cpe:2.3:a:fs-path_project:fs-path:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 88%
0.04178
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-77
CWE-77
Связанные уязвимости
EPSS
Процентиль: 88%
0.04178
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-77
CWE-77