Lucene search
GoogleOSV:GHSA-3GX7-XHV7-5MX3HistoryAug 26, 2019 - 4:59 p.m.
Arbitrary Code Execution in eslint-utils
2019-08-2616:59:56
Google
osv.dev
6
0.004 Low
EPSS
Percentile
72.4%
Versions of eslint-utils >=1.2.0 or <1.4.1 are vulnerable to Arbitrary Code Execution. The getStaticValue does not properly sanitize user input allowing attackers to supply malicious input that executes arbitrary code during the linting process. The getStringIfConstant and getPropertyName functions are not affected.
Recommendation
Upgrade to version 1.4.1 or later.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eslint-utils | lt | 1.4.1 | |
| eslint-utils | ge | 1.2.0 |
References
eslint.org/blog/2019/08/eslint-v6.2.1-released
github.com/advisories/GHSA-3gx7-xhv7-5mx3
github.com/mysticatea/eslint-utils
github.com/mysticatea/eslint-utils/commit/08158db1c98fd71cf0f32ddefbc147e2620e724c
github.com/mysticatea/eslint-utils/security/advisories/GHSA-3gx7-xhv7-5mx3
nvd.nist.gov/vuln/detail/CVE-2019-15657
www.npmjs.com/advisories/1118
Related
cnvd
cnvd
eslint-utils arbitrary code execution vulnerability
2019-08-27 00:00:00
github
github
Arbitrary Code Execution in eslint-utils
2019-08-26 16:59:56
nvd
nvd
CVE-2019-15657
2019-08-26 23:15:09
osv
osv
CVE-2019-15657
2019-08-26 23:15:09
cvelist
cvelist
CVE-2019-15657
2019-08-26 22:55:12
cve
cve
CVE-2019-15657
2019-08-26 23:15:09
veracode
veracode
Arbitrary Code Execution
2019-08-23 03:02:57
prion
prion
Code injection
2019-08-26 23:15:00
githubexploit
githubexploit
Exploit for Vulnerability in Eslint-Utils Project Eslint-Utils
2020-12-01 09:18:58