Описание
Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization.
Ссылки
- Broken Link
- PatchThird Party Advisory
- ExploitThird Party Advisory
- Broken Link
- PatchThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.2.0 (исключая)
cpe:2.3:a:exec-local-bin_project:exec-local-bin:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 82%
0.01647
Низкий
7.4 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-78
NVD-CWE-Other
CWE-77
Связанные уязвимости
EPSS
Процентиль: 82%
0.01647
Низкий
7.4 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-78
NVD-CWE-Other
CWE-77