5 matches found
SUSE CVE-2019-10800
This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being being provided to the popen method...
GHSA-MH2H-6J8Q-X246 Improper Neutralization of Special Elements in Output Used by a Downstream Component in Codecov
Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument...
CVE-2020-15123
In codecov npm package before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE CVE-2020-7597 for GHSA-5q88-cjfq-g2mh was...
Command Injection
Overview codecov is a npm package for uploading reports to Codecov. Affected versions of this package are vulnerable to Command Injection. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fi...
Command Injection
Overview codecov is a npm package for uploading reports to Codecov. Affected versions of this package are vulnerable to Command Injection. The value provided as part of the gcov-args argument is executed by the exec function within lib/codecov.js. PoC by JHU System Security Lab var root =...