Lucene search

SnykCVELIST:CVE-2022-25923

HistoryJan 06, 2023 - 5:00 a.m.

CVE-2022-25923

2023-01-0605:00:01

snyk

www.cve.org

package vulnerability

command injection

user input validation

7.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P

10 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.3%

JSON

Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization.

CNA Affected

[
  {
    "product": "exec-local-bin",
    "versions": [
      {
        "version": "0",
        "lessThan": "1.2.0",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "vendor": "n/a"
  }
]

References

github.com/saeedseyfi/exec-local-bin/blob/92db00bde9d6e2d83410849f898df12f075b73b0/index.js%23L9

github.com/saeedseyfi/exec-local-bin/commit/d425866375c85038133a6f79db2aac66c0a72624

security.snyk.io/vuln/SNYK-JS-EXECLOCALBIN-3157956

7.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P

10 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.3%

JSON

Related for CVELIST:CVE-2022-25923