Lucene search
K

105 matches found

Node.js
Node.js
added 2020/01/17 9:40 p.m.12 views

Command Injection

Overview All versions of npm-git-publish are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an execSync call, which may allow attackers to execute arbitrary code in the system. The publish function is vulnerable through the gitRemoteUrl variable...

7.8AI score
Exploits0Affected Software1
Veracode
Veracode
added 2020/01/13 2:54 a.m.8 views

Arbitrary Command Injection

npm-git-publish is vulnerable to arbitrary command injection. The vulnerability exists as gitRemoteUrl and gitRepoDir in lib/publish.ts are not sanitized, and are passed to execSync as a value to be executed...

3.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2019/12/30 7:30 p.m.135 views

Remote Code Execution Vulnerability in NPM mongo-express

Impact Remote code execution on the host machine by any authenticated user. Proof Of Concept Launching mongo-express on a Mac, pasting the following into the "create index" field will pop open the Mac calculator: javascript this.constructor.constructor"return...

9.9CVSS9.4AI score0.84845EPSS
Exploits3References9Affected Software1
OSV
OSV
added 2018/11/09 5:45 p.m.3 views

GHSA-38H8-X697-GH8Q Tmp files readable by other users in sync-exec

Affected versions of sync-exec use files located in /tmp/ to buffer command results before returning values. As /tmp/ is almost always set with world readable permissions, this may allow low privilege users on the system to read the results of commands run via sync-exec under a higher privilege...

6.5CVSS7.3AI score0.02557EPSS
Exploits0References6
Hacker One
Hacker One
added 2018/03/11 8:19 p.m.28 views

Node.js third-party modules: `fs-path` concatenates unsanitized input into exec()/execSync() commands

I would like to report command injection in fs-path. It allows to inject and execute arbitrary shell commands while performing various operations from fs-path API like copying files. Module module name: fs-path version: 0.0.24 npm page: https://www.npmjs.com/package/fs-path Module Description...

10CVSS0.5AI score0.11168EPSS
Exploits1
Rows per page
Query Builder