Lucene search
HistoryJan 06, 2023 - 5:15 a.m.
CVE-2022-25923
command injection
user-input sanitization
theprocess functionality
cve-2022-25923
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.3
Confidence
High
EPSS
0.004
Percentile
72.9%
Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization.
Affected configurations
Node
exec-local-bin_projectexec-local-binRange<1.2.0node.js
| Vendor | Product | Version | CPE |
|---|---|---|---|
| exec-local-bin_project | exec-local-bin | * | cpe:2.3:a:exec-local-bin_project:exec-local-bin:*:*:*:*:*:node.js:*:* |
Related
osv
osv
CVE-2022-25923
2023-01-06 05:15:11
exec-local-bin vulnerable to Command Injection
2023-01-06 06:30:25
cvelist
cvelist
CVE-2022-25923
2023-01-06 05:00:01
prion
prion
Command injection
2023-01-06 05:15:00
cve
cve
CVE-2022-25923
2023-01-06 05:15:11
github
github
exec-local-bin vulnerable to Command Injection
2023-01-06 06:30:25
veracode
veracode
Command Injection
2023-01-15 21:58:16
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.3
Confidence
High
EPSS
0.004
Percentile
72.9%
Related for NVD:CVE-2022-25923