Lucene search

CVE-2022-25853

🗓️ 06 Feb 2023 05:11:15Reported by snykType

All versions of semver-tags package vulnerable to Command Injection via getGitTagsRemote function due to improper input sanitization. NV

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
Vulnrichment	CVE-2022-25853	6 Feb 202305:00	–	vulnrichment
Veracode	Command Injection	3 Mar 202321:45	–	veracode
NVD	CVE-2022-25853	6 Feb 202305:15	–	nvd
RedhatCVE	CVE-2022-25853	7 Feb 202304:26	–	redhatcve
OSV	GHSA-8H3G-HCWP-6HXQ semver-tags is vulnerable to Command Injection via the getGitTagsRemote function	6 Feb 202306:30	–	osv
Prion	Command injection	6 Feb 202305:15	–	prion
Cvelist	CVE-2022-25853	6 Feb 202305:00	–	cvelist
Github Security Blog	semver-tags is vulnerable to Command Injection via the getGitTagsRemote function	6 Feb 202306:30	–	github

Nvd

Node

semver-tags_project semver-tagsMatch-node.js

[
  {
    "product": "semver-tags",
    "versions": [
      {
        "version": "0",
        "lessThan": "*",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "vendor": "n/a"
  }
]

Source	Link
security	www.security.snyk.io/vuln/SNYK-JS-SEMVERTAGS-3175612
github	www.github.com/jtrussell/semver-tags/blob/db1ba680bafed0d51e1bb36bd38f2c5439fe8b00/lib/get-tags.js%23L21

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

06 Feb 2023 05:15Current

7.8High risk

Vulners AI Score7.8

CVSS37.4 - 7.8

EPSS0.00086

SSVC

CWE-78