GitHub Advisory Database: GHSA-6HR9-4692-FCH9
History: Feb 10, 2022 - 11:45 p.m.

Withdrawn Advisory: OS Command Injection in effect

2022-02-10 23:45:54
CWE-78
GitHub Advisory Database
github.com
21

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.9 High
Confidence: High

CVSS2: 7.5 High
Access Vector
Access Complexity
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.012 Low
Percentile: 85.4%

Withdrawn Advisory

This advisory has been withdrawn because the npm package effect, for which alerts were issued, does not correspond with https://github.com/Javascipt/effect, the repository with the vulnerable code. https://github.com/Javascipt/effect is not in any supported ecosystem.

Additionally, the CVE Numbering Authority that issued the CVE for CVE-2020-7624 has updated their advisory stating that “This was deemed not a vulnerability.”

Original Description

effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument.

Affected configurations

Vulners
Node: github_advisory_database, effect, Range ≤ 1.0.4
CPE Name Operator Version
effect le 1.0.4
