18 matches found
EUVD-2025-27152
Malicious code in bioql PyPI...
CVE-2025-57285
codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function in lib/utils.js. The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary commands...
@open-xchange/appsuite-codeceptjs (>=0.2.0 <=0.6.2), c-configure (>=1.0.1 <=2.1.5) +3 more potentially affected by CVE-2025-57285 via codeceptjs (>=3.0.7 <=3.6.7)
codeceptjs NPM version =3.0.7, =0.2.0, =1.0.1, =7.0.23, =1.0.4, =1.0.0, =1.0.4 Source cves: CVE-2025-57285 Source advisory: SNYK:JS-CODECEPTJS-12670804...
GHSA-34W8-MCWR-VG29 CodeceptJS's incomprehensive sanitation can lead to Command Injection
CodeceptJS versions 3.5.0 through 3.7.5-beta.18 contain a command injection vulnerability in the emptyFolder function in lib/utils.js. The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary...
Arbitrary Command Injection
Overview: codeceptjs is a Supercharged End 2 End Testing Framework for NodeJS. Affected versions of this package are vulnerable to Arbitrary Command Injection via the emptyFolder function. An attacker can execute arbitrary system commands by supplying crafted input to the directoryPath parameter...
@open-xchange/appsuite-codeceptjs (>=0.2.0 <=0.6.2), create-fintech-automation-test (>=1.0.4 <=1.0.5) +1 more potentially affected by CVE-2025-57285 via codeceptjs (>=3.6.10 <=3.6.7)
codeceptjs NPM version =3.6.10, =0.2.0, =1.0.4, =1.0.0, =1.0.4 Source cves: CVE-2025-57285 Source advisory: OSV:GHSA-34W8-MCWR-VG29...
CodeceptJS's incomprehensive sanitation can lead to Command Injection
CodeceptJS versions 3.5.0 through 3.7.5-beta.18 contain a command injection vulnerability in the emptyFolder function in lib/utils.js. The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary...
CVE-2025-57285
codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function in lib/utils.js. The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary commands...
CVE-2025-57285
codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function in lib/utils.js. The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary commands...
CVE-2025-57285
CVE-2025-57285 affects CodeceptJS 3.7.3, where the emptyFolder function in lib/utils.js uses execSync with a user-controlled directoryPath unsafely, enabling potential command execution. The IBM and OSV/GHSA entries corroborate the vulnerability in CodeceptJS and note versions around 3.5.0–3.7.5...
CodeceptJS Security Vulnerability
CodeceptJS is an open-source testing framework from CodeceptJS. A security vulnerability exists in CodeceptJS version 3.7.3, which stems from a command injection in the emptyFolder function...
CVE-2025-57285
codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function in lib/utils.js. The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary commands...
CVE-2025-57285
codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function in lib/utils.js. The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary commands...
PT-2025-36489
Name of the Vulnerable Software and Affected Versions: codeceptjs version 3.7.3. Description: codeceptjs version 3.7.3 contains a command injection issue in the emptyFolder function located in lib/utils.js. The execSync command directly concatenates the user-controlled directoryPath parameter...
Malicious code in @frozen-team-qa/codeceptjs (npm)
The package @frozen-team-qa/codeceptjs was found to contain malicious code...
MAL-2025-7949 Malicious code in @frozen-team-qa/codeceptjs (npm)
The package @frozen-team-qa/codeceptjs was found to contain malicious code...
Malicious code in codeceptjs-browserstack (npm)
Source: ghsa-malware 803e944b4406063368c8940d7f34221d26b1855be2d200abb731f20d97def026 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-197 Malicious code in codeceptjs-browserstack (npm)
Source: ghsa-malware 803e944b4406063368c8940d7f34221d26b1855be2d200abb731f20d97def026 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...