67 matches found
CVE-2020-15123
In codecov npm package before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE CVE-2020-7597 for GHSA-5q88-cjfq-g2mh was...
Command injection
In codecov npm package before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE CVE-2020-7597 for GHSA-5q88-cjfq-g2mh was...
CVE-2020-15123
In codecov npm package before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE CVE-2020-7597 for GHSA-5q88-cjfq-g2mh was...
@aliyun-sls/sql (>=0.2.9 <=0.3.10-dev-18), @authereum/resolution (>=1.10.4 <=1.10.4-beta.4) +168 more potentially affected by CVE-2020-15123 via codecov (>=1.0.1 <=3.7.0)
codecov NPM version =1.0.1, =0.2.9, =1.10.4, =0.1.3-alpha.0, =0.1.19-alpha.0, =0.1.11-alpha.0, =0.1.3-alpha.0, =1.0.8, =2.0.5, =1.0.0, =1.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2020-15123 Source advisory: OSV:GHSA-XP63-6VF5-XF3V...
Command injection in codecov (npm package)
Impact: The upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE was issued: CVE-2020-7597, but the fix was incomplete. It only blocked &, and...
GHSA-XP63-6VF5-XF3V Command injection in codecov (npm package)
Impact: The upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE was issued: CVE-2020-7597, but the fix was incomplete. It only blocked &, and...
CVE-2020-15123
The CVE-2020-15123 entry concerns the npm package codecov-node (used with the Codecov npm package). A vulnerable path is the upload method, which allows command injection. The underlying issue is in how input is handled in the upload flow, enabling execution of arbitrary commands if malicious inp...
CVE-2020-15123 Command injection in codecov (npm package)
In codecov npm package before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE CVE-2020-7597 for GHSA-5q88-cjfq-g2mh was...
Command Injection
Overview: codecov is a Python report uploader for Codecov. Affected versions of this package are vulnerable to Command Injection. The vulnerability occurs because gcov arguments are not sanitized before being passed to the popen method. PoC by Snyk codecov --gcov-args='& echo test vuln1.txt'...
codecov NPM module allows remote attackers to execute arbitrary commands
codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...
GHSA-5Q88-CJFQ-G2MH codecov NPM module allows remote attackers to execute arbitrary commands
codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...
@aliyun-sls/sql (>=0.2.9 <=0.3.10-dev-18), @authereum/resolution (>=1.10.4 <=1.10.4-beta.4) +161 more potentially affected by CVE-2020-15123 +1 more via codecov (>=1.0.1 <=3.6.1)
codecov NPM version =1.0.1, =0.2.9, =1.10.4, =1.0.8, =2.0.5, =1.0.0, =1.0.1, =0.0.1, =0.0.1, =0.1.2-dev-1, =1.0.0, =0.0.29, =1.0.0, =1.2.1 and more Source cves: CVE-2020-15123, CVE-2020-7597 Source advisory: OSV:GHSA-5Q88-CJFQ-G2MH...
Remote Code Execution (RCE)
codecov is vulnerable to remote code execution (RCE). Due to an incomplete fix of CVE-2020-7596, the gcov-root and other parameters are not sanitized properly and are executed in the exec function of lib/codecov.js, allowing an attacker to trigger RCE...
Codecov-node npm module command execution vulnerability
The codecov-node npm module is an application global coverage module. A security vulnerability exists in codecov-node npm module versions prior to 3.6.5. A remote attacker can exploit the vulnerability to execute arbitrary commands...
CVE-2020-7597
codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...
CVE-2020-7597
codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...
CVE-2020-7597
codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...
CVE-2020-7597
CVE-2020-7597 (codecov-node) affects the npm package codecov-node before 3.6.5. The issue allows remote attackers to execute arbitrary commands because the value passed as part of the gcov-root argument is executed by the exec function in lib/codecov.js. Root cause is an incomplete fix of CVE-202...
Command Injection
Overview: codecov is an npm package for uploading reports to Codecov. Affected versions of this package are vulnerable to Command Injection. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fi...
@aliyun-sls/sql (>=0.2.9 <=0.3.10-dev-18), @dpjayasekara/tscore (>=0.0.1 <=0.1.1) +29 more potentially affected by CVE-2020-7596 +1 more via codecov (>=3.0.0 <=3.6.1)
codecov NPM version =3.0.0, =0.2.9, =0.0.1, =0.0.29, =1.0.10, =1.0.18, =1.0.0, =1.7.0, =1.0.1, =1.0.8, =0.1.1, =0.1.6, =0.1.1, =0.0.1, =1.17.0, =1.22.16 and more Source cves: CVE-2020-7596, CVE-2020-7597 Source advisory: SNYK:JS-CODECOV-548879...