Описание
All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization.
Ссылки
- Broken Link
- ExploitThird Party Advisory
- Broken Link
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:semver-tags_project:semver-tags:-:*:*:*:*:node.js:*:*
EPSS
Процентиль: 23%
0.00077
Низкий
7.4 High
CVSS3
7.8 High
CVSS3
Дефекты
CWE-78
NVD-CWE-Other
CWE-78
Связанные уязвимости
CVSS3: 7.4
redhat
около 3 лет назад
All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization.
CVSS3: 7.8
github
около 3 лет назад
semver-tags is vulnerable to Command Injection via the getGitTagsRemote function
EPSS
Процентиль: 23%
0.00077
Низкий
7.4 High
CVSS3
7.8 High
CVSS3
Дефекты
CWE-78
NVD-CWE-Other
CWE-78