CVE-2021-26275

Опубликовано: 19 мар. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted

Ссылки

https://advisory.checkmarx.net/advisory/CX-2021-4774
Exploit
Third Party Advisory
https://www.npmjs.com/package/eslint-fixer
Product
https://advisory.checkmarx.net/advisory/CX-2021-4774
Exploit
Third Party Advisory
https://www.npmjs.com/package/eslint-fixer
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eslint-fixer_project:eslint-fixer:*:*:*:*:*:node.js:*:*

Версия до 0.1.5 (включая)

EPSS

Процентиль: 91%

0.0627

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-77

Связанные уязвимости

GHSA-45w5-pvr8-4rh5