Description
Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection because the getPath function lacks input sanitization or other checks and sandboxing.
A flaw was found in global-modules-path. This issue may allow command injection via getPath because the function lacks input sanitization or other checks and sandboxing.
Report
Red Hat Process Automation Manager and Red Hat Decision Manager, although they may have references to global-modules-path, are considered moderate as there is no usage of the getPath method. Also, the current lifecycle of those products is considered out of support scope.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Decision Manager 7 | global-modules-path | Out of support scope | | |
| Red Hat Process Automation 7 | global-modules-path | Out of support scope | | |
Additional information
Status:
9.8 Critical
CVSS3
Related vulnerabilities
Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection because the getPath function lacks input sanitization or other checks and sandboxing.
global-modules-path Command Injection vulnerability
9.8 Critical
CVSS3