Lucene search
GoogleOSV:GHSA-C9J3-WQPH-5XX9HistorySep 17, 2018 - 8:43 p.m.
Command Injection in egg-scripts
2018-09-1720:43:34
Google
osv.dev
9
EPSS
0.003
Percentile
71.0%
Versions of egg-scripts before 2.8.1 are vulnerable to command injection. This is only exploitable if a malicious argument is provided on the command line.
Example:
eggctl start --daemon --stderr='/tmp/eggctl_stderr.log; touch /tmp/malicious'
Recommendation
Update to version 2.8.1 or later.
References
Related
cvelist
cvelist
CVE-2018-3786
2018-08-24 20:00:00
github
github
Command Injection in egg-scripts
2018-09-17 20:43:34
Command Injection in standard-version
2020-07-13 21:34:59
osv
osv
CVE-2018-3786
2018-08-24 20:29:00
Command Injection in standard-version
2020-07-13 21:34:59
nvd
nvd
CVE-2018-3786
2018-08-24 20:29:00
hackerone
hackerone
Node.js third-party modules: [egg-scripts] Command injection
2018-07-31 13:54:26
veracode
veracode
Shell Command Injection
2018-08-20 09:06:27
prion
prion
Command injection
2018-08-24 20:29:00
cve
cve
CVE-2018-3786
2018-08-24 20:29:00