CVE-2022-0841

Опубликовано: 03 мар. 2022

Источник: nvd

CVSS3: 3.8

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4.

Ссылки

https://github.com/ljharb/npm-lockfile/commit/bfdb84813260f0edbf759f2fde1e8c816c1478b8
Patch
Third Party Advisory
https://huntr.dev/bounties/4f806dc9-2ecd-4e79-997e-5292f1bea9f1
Exploit
Patch
Third Party Advisory
https://github.com/ljharb/npm-lockfile/commit/bfdb84813260f0edbf759f2fde1e8c816c1478b8
Patch
Third Party Advisory
https://huntr.dev/bounties/4f806dc9-2ecd-4e79-997e-5292f1bea9f1
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:npm-lockfile_project:npm-lockfile:2.0.3:*:*:*:*:node.js:*:*

cpe:2.3:a:npm-lockfile_project:npm-lockfile:2.0.4:*:*:*:*:node.js:*:*

EPSS

Процентиль: 64%

0.00461

Низкий

3.8 Low

CVSS3

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

CVE-2022-0841

CVSS3: 5.3

redhat

почти 4 года назад

OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4.

GHSA-cr6m-62pq-hmqh

CVSS3: 9.8

github

почти 4 года назад

OS Command injection in npm-lockfile

EPSS

Процентиль: 64%

0.00461

Низкий

3.8 Low

CVSS3

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78