exploitDog

CVE-2022-25171

Опубликовано: 20 дек. 2022

Источник: nvd

CVSS3: 7.4

CVSS3: 9.8

EPSS Низкий

Описание

The package p4 before 0.0.7 are vulnerable to Command Injection via the run() function due to improper input sanitization

Ссылки

https://github.com/natelong/p4/blob/master/p4.js%23L12
Broken Link
Third Party Advisory
https://github.com/natelong/p4/commit/ae42e251beabf67c00539ec0e1d7aa149ca445fb
Patch
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-P4-3167330
Exploit
Patch
Third Party Advisory
https://github.com/natelong/p4/blob/master/p4.js%23L12
Broken Link
Third Party Advisory
https://github.com/natelong/p4/commit/ae42e251beabf67c00539ec0e1d7aa149ca445fb
Patch
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-P4-3167330
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:p4_project:p4:*:*:*:*:*:node.js:*:*

Версия до 0.0.7 (исключая)

EPSS

Процентиль: 83%

0.01909

Низкий

7.4 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-78

CWE-78

Связанные уязвимости

GHSA-jfm8-hwhg-r6gg

CVSS3: 7.4

github

около 3 лет назад

p4 vulnerable to Command Injection due to improper input sanitization

EPSS

Процентиль: 83%

0.01909

Низкий

7.4 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-78

CWE-78