Lucene search
GoogleOSV:GHSA-5Q88-CJFQ-G2MHHistoryFeb 19, 2020 - 5:29 p.m.
codecov NPM module allows remote attackers to execute arbitrary commands
2020-02-1917:29:39
Google
osv.dev
5
0.016 Low
EPSS
Percentile
87.5%
codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596.
Related
osv
osv
CVE-2020-7597
2020-02-17 19:15:12
Command injection in codecov (npm package)
2020-07-20 17:20:20
CVE-2020-15123
2020-07-20 18:15:12
veracode
veracode
OS Command Injection
2020-07-21 01:33:21
Remote Code Execution (RCE)
2020-02-18 03:57:59
OS Command Injection
2020-01-28 02:31:25
prion
prion
Command injection
2020-07-20 18:15:00
Design/Logic Flaw
2020-02-17 19:15:00
Command injection
2020-01-25 19:15:00
cve
cve
github
github
Command injection in codecov (npm package)
2020-07-20 17:20:20
codecov NPM module allows remote attackers to execute arbitrary commands
2020-02-19 17:29:39
cvelist
cvelist
CVE-2020-15123 Command injection in codecov (npm package)
2020-07-20 17:20:16
CVE-2020-7597
2020-02-17 18:48:40
CVE-2020-7596
2020-01-25 18:08:41
nvd
nvd
githubexploit
githubexploit
Exploit for OS Command Injection in Codecov
2020-12-01 09:45:48