Lucene search
GoogleOSV:GHSA-CR6M-62PQ-HMQHHistoryMar 04, 2022 - 12:00 a.m.
OS Command injection in npm-lockfile
2022-03-0400:00:18
Google
osv.dev
11
0.003 Low
EPSS
Percentile
69.8%
npm-lockfile safely generates an npm lockfile and output it to the filename of your choice. npm-lockfile before 2.0.4 does not santize unsafe external input and invoke sensitive command execution API with the input, causing command injection vulnerability. A fix was released in version 2.0.5.
| CPE | Name | Operator | Version |
|---|---|---|---|
| npm-lockfile | lt | 2.0.5 | |
| npm-lockfile | ge | 2.0.3 |
Related
osv
osv
CVE-2022-0841
2022-03-03 16:15:07
prion
prion
Command injection
2022-03-03 16:15:00
cve
cve
CVE-2022-0841
2022-03-03 16:15:07
redhatcve
redhatcve
CVE-2022-0841
2022-03-04 00:19:23
huntr
huntr
OS Command Injection
2022-02-28 19:32:22
veracode
veracode
OS Command Injection
2022-03-04 05:14:17
cvelist
cvelist
CVE-2022-0841 OS Command Injection in ljharb/npm-lockfile
2022-03-03 15:50:10
nvd
nvd
CVE-2022-0841
2022-03-03 16:15:07
github
github
OS Command injection in npm-lockfile
2022-03-04 00:00:18