3 matches found
CVE-2022-29080
The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value...
CVE-2022-29080
The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value...
CVE-2022-29080
The npm-dependency-versions package for Node.js (≤ 0.3.0) is vulnerable to command injection via dependencyVersions called with a JSON object containing a pkgs key and a value with shell metacharacters, enabling arbitrary command execution. Root cause: insufficient input validation on the pkgs fi...