12 matches found

EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2023-0565

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.3 · EPSS 0.0065
Exploits 0 · References 6
RedhatCVE
added 2023/02/02 6:14 p.m. · 16 views

CVE-2022-21191

A flaw was found in global-modules-path. This issue may allow command injection via getPath due to missing input sanitization or other checks and sandboxes being employed to the getPath function...

CVSS 9.8 · AI score 4.4 · EPSS 0.0065
Exploits 0 · References 3
Veracode
added 2023/01/17 3:28 a.m. · 16 views

Command Injection

global-modules-path is vulnerable to Command Injection. The vulnerability exists due to the insecure usage of execSync in index.js, allowing an attacker to inject and execute malicious commands such as getPath("something & touch abc", "somethingElse & touch def")...

CVSS 9.8 · AI score 9.1 · EPSS 0.0065
Exploits 0 · References 6 · Affected Software 1
OSV
added 2023/01/13 6:30 a.m. · 19 views

GHSA-VVJ3-85VF-FGMW global-modules-path Command Injection vulnerability

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function...

CVSS 9.8 · AI score 8.8 · EPSS 0.0065
Exploits 0 · References 6
Github Security Blog
added 2023/01/13 6:30 a.m. · 13 views

global-modules-path Command Injection vulnerability

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function...

CVSS 9.8 · AI score 4.4 · EPSS 0.0065
Exploits 0 · References 6 · Affected Software 1
vulnersOsv
added 2023/01/13 6:30 a.m. · 2 views

@airy/maleo (>=0.0.1-canary.49 <=0.3.1-canary.36), @audentio/kinetic (>=0.1.0 <=0.1.12) +206 more potentially affected by CVE-2022-21191 via global-modules-path (>=1.0.0 <=2.3.1)

global-modules-path NPM version =1.0.0, =0.0.1-canary.49, =0.1.0, =6.4.0, =0.1.0, =8.0.0, =0.0.6, =0.1.0-latest.1a450bb3, =0.1.0, =1.0.0, =0.0.22-alpha.1, =0.1.0, =1.1.3, =0.9.0, =0.0.1, =0.0.2 and more Source cves: CVE-2022-21191 Source advisory: OSV:GHSA-VVJ3-85VF-FGMW...

CVSS 9.8 · AI score 7.2 · EPSS 0.0065
Exploits 0
CVE
added 2023/01/13 5:0 a.m. · 70 views

CVE-2022-21191

CVE-2022-21191 concerns the npm package global-modules-path. Versions prior to 3.0.0 are vulnerable to a Command Injection via the internal getPath function caused by missing input sanitization and sandboxing. The result is a high-risk condition, with confirmed references across multiple sources...

CVSS 9.8 · AI score 9.6 · EPSS 0.0065
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2023/01/13 5:0 a.m. · 15 views

CVE-2022-21191

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function...

CVSS 7.4 · AI score 10 · EPSS 0.0065
Exploits 0 · References 4
Vulnrichment
added 2023/01/13 5:0 a.m. · 3 views

CVE-2022-21191

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function...

CVSS 7.4 · AI score 10 · EPSS 0.0065
Exploits 0 · References 4
Positive Technologies
added 2023/01/13 12:0 a.m. · 2 views

PT-2023-12664 · Unknown · Global-Modules-Path

Name of the Vulnerable Software and Affected Versions: global-modules-path versions prior to 3.0.0 Description: The issue is related to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function. This allows for potential exploitation...

CVSS 9.8 · AI score 7.5 · EPSS 0.0065
Exploits 0 · References 10
CNNVD
added 2023/01/13 12:0 a.m. · 1 views

global-modules-path security vulnerability

global-modules-path is a utility that returns the path of a global installation package. A security vulnerability exists in global-modules-path versions prior to 3.0.0, which stems from a lack of cleaning of user input or a failure to sandbox the getPath function...

CVSS 9.8 · AI score 8.3 · EPSS 0.0065
Exploits 0 · References 5
Snyk
added 2022/12/13 3:6 p.m. · 2 views

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function. PoC (js): var root = require("global-modules-path"); root.getPath("& touch JHU","& touch exploit") Remediation: Upgrade...

CVSS 9.8 · AI score 7.3 · EPSS 0.0065
Exploits 0 · References 2