Количество 2
Количество 2
CVE-2021-32830
The @diez/generation npm package is a client for Diez. The locateFont method of @diez/generation has a command injection vulnerability. Clients of the @diez/generation library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. All versions of this package are vulnerable as of the writing of this CVE.
GHSA-8c3f-x5f9-6h62
Command injection in @diez/generation
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-32830 The @diez/generation npm package is a client for Diez. The locateFont method of @diez/generation has a command injection vulnerability. Clients of the @diez/generation library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. All versions of this package are vulnerable as of the writing of this CVE. | CVSS3: 3.9 | 0% Низкий | больше 4 лет назад |
| GHSA-8c3f-x5f9-6h62 Command injection in @diez/generation | CVSS3: 3.9 | 0% Низкий | больше 4 лет назад |
Уязвимостей на страницу