3 matches found
CVE-2022-21191
creationtimestamp| type| source ---|---|--- 2023-01-13 07:31:08+00:00| seen| https://t.me/cibsecurity/56479 2025-04-04 15:36:59+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/10473...
@airy/maleo (>=0.0.1-canary.49 <=0.3.1-canary.36), @audentio/kinetic (>=0.1.0 <=0.1.12) +206 more potentially affected by CVE-2022-21191 via global-modules-path (>=1.0.0 <=2.3.1)
global-modules-path NPM version =1.0.0, =0.0.1-canary.49, =0.1.0, =6.4.0, =0.1.0, =8.0.0, =0.0.6, =0.1.0-latest.1a450bb3, =0.1.0, =1.0.0, =0.0.22-alpha.1, =0.1.0, =1.1.3, =0.9.0, =0.0.1, =0.0.2 and more Source cves: CVE-2022-21191 Source advisory: OSV:GHSA-VVJ3-85VF-FGMW...
CVE-2022-21191
CVE-2022-21191 concerns the npm package global-modules-path . Versions prior to 3.0.0 are vulnerable to a Command Injection via the internal getPath function caused by missing input sanitization and sandboxing. The result is a high-risk condition, with confirmed references across multiple sources...