
7 matches found

vulnersOsv
added 2022/08/03 12:0 a.m., 4 views

@cyber-insight/cyber-scripts (>=1.7.9 <=6.0.0-alpha.4), @cyber.insight/cyber-scripts (>=1.0.0 <=1.0.2) +4 more potentially affected by CVE-2020-7795 via get-npm-package-version (=1.0.6)

get-npm-package-version NPM version =1.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on get-npm-package-version and may be impacted:
- @cyber-insight/cyber-scripts =1.7.9, =1.0.0, =5.0.20, =1.0.0, =1.0.7
- temp-test-scripts =0.0.30
Source cves:...

9.8 CVSS, 7.2 AI score, 0.03688 EPSS
Exploits: 1
OSV
added 2022/08/03 12:0 a.m., 0 views

GHSA-4H66-VGHF-XG5X get-npm-package-version Command Injection vulnerability

The package get-npm-package-version before 1.0.7 is vulnerable to Command Injection via the main function in index.js...

9.8 CVSS, 5.9 AI score, 0.03688 EPSS
Exploits: 1, References: 6
CVE
added 2022/08/02 1:27 p.m., 46 views

CVE-2020-7795

CVE-2020-7795 affects the npm package get-npm-package-version prior to 1.0.7. The vulnerability is a command injection flaw exploited via the main function in index.js, enabling arbitrary code execution. Public sources (e.g., Veracode, PSIRT notes) describe the issue as a command injection with i...

9.8 CVSS, 8.6 AI score, 0.03688 EPSS
Exploits: 1, References: 4, Affected Software: 1
CNNVD
added 2022/08/02 12:0 a.m., 2 views

get-npm-package-version Command Injection Vulnerability

get-npm-package-version is a package by the individual developer hoperyy, used to get the version of an npm package. A command injection vulnerability exists in get-npm-package-version before 1.0.7, via the main function in index.js...

9.8 CVSS, 8.3 AI score, 0.03688 EPSS
Exploits: 1, References: 5
Positive Technologies
added 2022/08/02 12:0 a.m., 3 views

PT-2022-9062 · Unknown · Get-Npm-Package-Version

Name of the Vulnerable Software and Affected Versions: get-npm-package-version versions prior to 1.0.7
Description: The issue concerns Command Injection via the main function in index.js.
Recommendations: For versions prior to 1.0.7, update to version 1.0.7 or later to resolve the issue. As a...

9.8 CVSS, 9.7 AI score, 0.03688 EPSS
Exploits: 1, References: 12
vulnersOsv
added 2020/12/11 2:18 p.m., 2 views

@cyber-insight/cyber-scripts (>=1.7.9 <=6.0.0-alpha.4), @cyber.insight/cyber-scripts (>=1.0.0 <=1.0.2) +4 more potentially affected by CVE-2020-7795 via get-npm-package-version (=1.0.6)

get-npm-package-version NPM version =1.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on get-npm-package-version and may be impacted:
- @cyber-insight/cyber-scripts =1.7.9, =1.0.0, =5.0.20, =1.0.0, =1.0.7
- temp-test-scripts =0.0.30
Source cves:...

9.8 CVSS, 7.2 AI score, 0.03688 EPSS
Exploits: 1
Snyk
added 2020/12/11 2:18 p.m., 2 views

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection via the main function in index.js.
PoC: var a = require("get-npm-package-version"); a("& touch JHU");
Remediation: Upgrade get-npm-package-version to version 1.0.7 or higher.
References: - GitHub Commit - NPM Package - Vulnerable...

9.8 CVSS, 7.1 AI score, 0.03688 EPSS
Exploits: 1, References: 2