16 matches found
EUVD-2021-0979
Malware in sbrugna...
Command injection in bestzip
Overview Affected versions of the package bestzip before 2.1.7 are vulnerable to Command Injection via the options param. Recommendation Upgrade to version 2.1.7 or later References - CVE - GitHub Advisory...
Command injection in bestzip
The package bestzip before 2.1.7 is vulnerable to Command Injection via the options param...
@adobe/aem-site-template-builder (>=0.1.7 <=0.1.8), alexa-scripts (>=0.2.0 <=0.3.4) +4 more potentially affected by CVE-2020-7730 via bestzip (>=1.1.3 <=2.1.6)
bestzip NPM version =1.1.3, =0.1.7, =0.2.0, =1.0.0, =1.0.0, =0.0.1, =1.0.0, =1.0.2 Source cves: CVE-2020-7730 Source advisory: OSV:GHSA-6XV6-JPVW-CX6Q...
GHSA-6XV6-JPVW-CX6Q Command injection in bestzip
The package bestzip before 2.1.7 is vulnerable to Command Injection via the options param...
CVE-2020-7730
The package bestzip before 2.1.7 is vulnerable to Command Injection via the options param...
CVE-2020-7730
The package bestzip before 2.1.7 is vulnerable to Command Injection via the options param...
Command injection
The package bestzip before 2.1.7 is vulnerable to Command Injection via the options param...
CVE-2020-7730
CVE-2020-7730 affects the npm package bestzip prior to version 2.1.7, which is vulnerable to Command Injection via the options parameter. The vulnerability is described across multiple sources (NVD/NVDC, OSV, GitHub advisories, and npm advisories) with a high-severity impact (CVSS v3.1: CRITICAL,...
OS Command Injection
bestzip is vulnerable to OS command injection. A remote attacker is able to inject and execute arbitrary OS commands on the host OS via the destination parameter...
GHSA-4QQC-MP5F-CCV4 Command Injection in bestzip
Versions of bestzip prior to 2.1.7 are vulnerable to Command Injection. The package fails to sanitize input rules and passes them directly to an exec call on the zip function. This may allow attackers to execute arbitrary code in the system as long as the value of destination is user-controlled...
@adobe/aem-site-template-builder (>=0.1.7 <=0.1.8), alexa-scripts (>=0.2.0 <=0.3.4) +4 more potentially affected by unknown CVE via bestzip (>=1.1.3 <=2.1.6)
bestzip NPM version =1.1.3, =0.1.7, =0.2.0, =1.0.0, =1.0.0, =0.0.1, =1.0.0, =1.0.2 Source cves: unknown CVE Source advisory: OSV:GHSA-4QQC-MP5F-CCV4...
Command Injection in bestzip
Versions of bestzip prior to 2.1.7 are vulnerable to Command Injection. The package fails to sanitize input rules and passes them directly to an exec call on the zip function. This may allow attackers to execute arbitrary code in the system as long as the value of destination is user-controlled...
Command Injection
Overview Versions of bestzip prior to 2.1.7 are vulnerable to Command Injection. The package fails to sanitize input rules and passes them directly to an exec call on the zip function. This may allow attackers to execute arbitrary code in the system as long as the value of destination is...
Command Injection
Overview bestzip uses the OS zip command if available for better performance and speed, or a node.js version if there is no system command available. Can be called via node or command line. Affected versions of this package are vulnerable to Command Injection via the options param. Remediation...
@adobe/aem-site-template-builder (>=0.1.7 <=0.1.8), vulnerable-js (>=1.0.0 <=1.0.2) potentially affected by CVE-2020-7730 via bestzip (=2.1.6)
bestzip NPM version =2.1.6 is affected by a known vulnerability. The following packages have a transitive dependency on bestzip and may be impacted: - @adobe/aem-site-template-builder =0.1.7, =1.0.0, =1.0.2 Source cves: CVE-2020-7730 Source advisory: SNYK:JS-BESTZIP-609371...