Lucene search

5 matches found

SUSE CVE
added 2023/02/15 4:13 a.m., 4 views

SUSE CVE-2019-10800

This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being provided to the popen method...

CVSS 6.5 | AI score 7 | EPSS 0.00991
Exploits: 1 | References: 4
OSV
added 2022/05/24 5:7 p.m., 3 views

GHSA-MH2H-6J8Q-X246 Improper Neutralization of Special Elements in Output Used by a Downstream Component in Codecov

Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument...

CVSS 8.8 | AI score 6.2 | EPSS 0.01859
Exploits: 1 | References: 3
ATTACKERKB
added 2020/07/20 6:15 p.m., 4 views

CVE-2020-15123

In codecov npm package before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE CVE-2020-7597 for GHSA-5q88-cjfq-g2mh was...

CVSS 9.3 | AI score 5.7 | EPSS 0.03805
Exploits: 2 | References: 6 | Affected Software: 1
Snyk
added 2020/02/16 1:17 p.m., 3 views

Command Injection

Overview: codecov is an npm package for uploading reports to Codecov. Affected versions of this package are vulnerable to Command Injection. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fi...

CVSS 8.8 | AI score 7 | EPSS 0.02918
Exploits: 2 | References: 2
Snyk
added 2020/01/08 11:3 a.m., 1 views

Command Injection

Overview: codecov is an npm package for uploading reports to Codecov. Affected versions of this package are vulnerable to Command Injection. The value provided as part of the gcov-args argument is executed by the exec function within lib/codecov.js. PoC by JHU System Security Lab: var root =...

CVSS 8.8 | AI score 7 | EPSS 0.01859
Exploits: 1 | References: 2