Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-8M2F-74R2-X3F2
HistoryMar 18, 2022 - 12:01 a.m.

Code injection in accesslog

2022-03-1800:01:10
Google
osv.dev
7
code injection
accesslog
software vulnerability
function constructor

EPSS

0.007

Percentile

80.0%

JSON

All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If (attacker-controlled) user input is given to the format option of the package’s exported constructor function, it is possible for an attacker to execute arbitrary JavaScript code on the host that this package is being run on.

Related

veracode 1
cvelist 1
cve 1
nvd 1
prion 1
github 1
veracode
veracode
Arbitrary Code Injection
2022-03-22 09:02:27
cvelist
cvelist
CVE-2022-25760 Arbitrary Code Injection
2022-03-17 11:20:27
cve
cve
CVE-2022-25760
2022-03-17 12:15:08
nvd
nvd
CVE-2022-25760
2022-03-17 12:15:08
prion
prion
Code injection
2022-03-17 12:15:00
github
github
Code injection in accesslog
2022-03-18 00:01:10

EPSS

0.007

Percentile

80.0%

JSON
Related for OSV:GHSA-8M2F-74R2-X3F2
veracode1cvelist1cve1nvd1prion1github1