Lucene search
AnonymousNODEJS:1612HistoryFeb 22, 2021 - 5:42 p.m.
Command Injection
2021-02-2217:42:01
Anonymous
www.npmjs.com
48
command injection
graphql-tools
git-loader
arbitrary command
upgrade
vulnerable version
EPSS
0.003
Percentile
68.7%
Overview
Affected versions of @graphql-tools/git-loader package are vulnerable to Command Injection. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection.
Recommendation
Upgrade to fix version 6.2.6 or later
References
Related
osv
osv
Command Injection in @graphql-tools/git-loader
2021-01-29 18:13:14
CVE-2021-23326
2021-01-20 13:15:12
redhatcve
redhatcve
CVE-2021-23326
2021-02-04 16:22:44
nvd
nvd
CVE-2021-23326
2021-01-20 13:15:12
prion
prion
Command injection
2021-01-20 13:15:00
cvelist
cvelist
CVE-2021-23326 Command Injection
2021-01-20 12:30:15
github
github
Command Injection in @graphql-tools/git-loader
2021-01-29 18:13:14
cve
cve
CVE-2021-23326
2021-01-20 13:15:12
veracode
veracode
Command Injection
2021-01-21 06:59:20