Lucene search

GitHub Advisory DatabaseGHSA-FG5W-W99F-RJ6W

HistoryJun 08, 2021 - 11:15 p.m.

Command Injection in @ronomon/opened

2021-06-0823:15:35

CWE-77

GitHub Advisory Database

github.com

vulnerability

command injection

@ronomon/opened

remote attacker

execute commands

untrusted input

software

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

59.6%

JSON

The @ronomon/opened library before 1.5.2 is vulnerable to a command injection vulnerability which would allow a remote attacker to execute commands on the system if the library was used with untrusted input.

Affected configurations

Vulners

Node

ronomonopenedRange<1.5.2

VendorProductVersionCPE
ronomonopened*cpe:2.3:a:ronomon:opened:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ronomon	opened	*	cpe:2.3:a:ronomon:opened::::::::

References

advisory.checkmarx.net/advisory/CX-2021-4775

github.com/advisories/GHSA-fg5w-w99f-rj6w

github.com/ronomon/opened/commit/7effe011d4fea8fac7f78c00615e0a6e69af68ec

nvd.nist.gov/vuln/detail/CVE-2021-29300

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

59.6%

JSON

Related for GHSA-FG5W-W99F-RJ6W