exploitDog

CVE-2021-45459

Опубликовано: 22 дек. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter.

Ссылки

https://github.com/coreybutler/node-windows/compare/1.0.0-beta.5...1.0.0-beta.6
Patch
Third Party Advisory
https://github.com/dwisiswant0/advisory/issues/4
Exploit
Issue Tracking
Patch
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220107-0004/
Third Party Advisory
https://github.com/coreybutler/node-windows/compare/1.0.0-beta.5...1.0.0-beta.6
Patch
Third Party Advisory
https://github.com/dwisiswant0/advisory/issues/4
Exploit
Issue Tracking
Patch
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220107-0004/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:node-windows_project:node-windows:*:*:*:*:*:node.js:*:*

Версия до 0.1.14 (включая)

cpe:2.3:a:node-windows_project:node-windows:1.0.0:beta1:*:*:*:node.js:*:*

cpe:2.3:a:node-windows_project:node-windows:1.0.0:beta2:*:*:*:node.js:*:*

cpe:2.3:a:node-windows_project:node-windows:1.0.0:beta3:*:*:*:node.js:*:*

cpe:2.3:a:node-windows_project:node-windows:1.0.0:beta4:*:*:*:node.js:*:*

cpe:2.3:a:node-windows_project:node-windows:1.0.0:beta5:*:*:*:node.js:*:*

EPSS

Процентиль: 88%

0.03882

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-77

Связанные уязвимости

GHSA-53xv-c2hx-5w6q

CVSS3: 9.8

github

около 4 лет назад

Command Injection in node-windows

EPSS

Процентиль: 88%

0.03882

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-77