Lucene search
HistoryAug 29, 2022 - 5:15 a.m.
CVE-2022-21165
cve-2022-21165
arbitrary command injection
missing sanitization
child_process.exec()
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.006 Low
EPSS
Percentile
78.1%
All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the child_process.exec() function.
Affected configurations
Node
font_converter_projectfont_converterMatch1.0.0node.js
ORfont_converter_projectfont_converterMatch1.1.0node.js
ORfont_converter_projectfont_converterMatch1.1.1node.js
Related
prion
prion
Command injection
2022-08-29 05:15:00
osv
osv
Font-Converter Vulnerable to Arbitrary Command Injection
2022-08-29 20:06:54
veracode
veracode
Remote Code Execution
2022-08-30 06:38:41
cve
cve
CVE-2022-21165
2022-08-29 05:15:08
github
github
Font-Converter Vulnerable to Arbitrary Command Injection
2022-08-29 20:06:54
cvelist
cvelist
CVE-2022-21165 Arbitrary Command Injection
2022-08-29 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.006 Low
EPSS
Percentile
78.1%
Related for NVD:CVE-2022-21165