179 matches found
Input validation
This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file...
Command Injection
theme-core is vulnerable to command injection. An attacker may inject malicious commands via lib/utils.js. The vulnerability exists due to the insecure usage of the exec function with unsanitized values...
OS Command Injection
gfc is vulnerable to OS command injection. The vulnerability exists through the lack of sanitization of the options argument which leads to passing of untrusted user input to an exec function call...
OS Command Injection
@knutkirkhorn/free-space is vulnerable to OS command injection. Command injection is possible through the user-controlled variable $disk, which is passed into the exec function without validation...
OS Command Injection
standard-version is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands on the system due to passing of untrusted user input without validation through the exec function...
CVE-2020-7688
The issue occurs because tagName user input is formatted inside the exec function and is executed without any checks...
CVE-2020-7688
The issue occurs because tagName user input is formatted inside the exec function and is executed without any checks...
Design/Logic Flaw
The issue occurs because tagName user input is formatted inside the exec function and is executed without any checks...
CVE-2020-7688 Command Injection
The issue occurs because tagName user input is formatted inside the exec function and is executed without any checks...
CVE-2020-7688
The CVE-2020-7688 issue affects the npm package mversion. The vulnerability arises because the value of the input field tagName is formatted into a call to exec() without validation, enabling potential command injection. A proof-of-concept demonstrates injecting shell commands via tagName, illus...
Vulnerability of the exec function in the npm-programmatic package from the NPM package manager, allowing an attacker to execute arbitrary code.
The vulnerability of the exec function in the npm-programmatic package from the NPM package manager is related to the lack of security measures for handling web page structures. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted malicious package...
Design/Logic Flaw
An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings internally called exclude_ip. This exclude_ip value is passed to the...
CVE-2020-12078
CVE-2020-12078 - Open-AudIT 3.3.1: A shell metacharacter injection flaw exists in the open-audit/configuration/ URI. The exclude_ip value from global discovery settings is passed to an unfiltered exec in discoveries_helper.php (inside all_ip_list), allowing a payload to execute commands. Connect...
CVE-2020-12078
An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings internally called exclude_ip. This exclude_ip value is passed to the...
OS Command Injection
npm-programmatic is vulnerable to OS command injection. The packages and option properties are concatenated and directly passed to an exec function...
OS Command Injection in devcert-sanscache
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName controlled by user input is used as part of the exec function without any sanitization...
CVE-2020-7614
npm-programmatic through 0.0.12 is vulnerable to Command Injection. The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly...
Command injection
npm-programmatic through 0.0.12 is vulnerable to Command Injection. The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly...
CVE-2020-7614
npm-programmatic through 0.0.12 is vulnerable to Command Injection. The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly...
Vulnerability of the `exec` function in the gulp-scss-lint package from the NPM package manager, allowing attackers to execute arbitrary commands.
The vulnerability of the exec function in the src/command.js file of the gulp-scss-lint package exists because measures to eliminate special elements used in operating system commands have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...