5 matches found
EUVD-2021-0979
Malware in sbrugna...
@adobe/aem-site-template-builder (>=0.1.7 <=0.1.8), alexa-scripts (>=0.2.0 <=0.3.4) +4 more potentially affected by CVE-2020-7730 via bestzip (>=1.1.3 <=2.1.6)
bestzip NPM version =1.1.3, =0.1.7, =0.2.0, =1.0.0, =1.0.0, =0.0.1, =1.0.0, =1.0.2 Source cves: CVE-2020-7730 Source advisory: OSV:GHSA-6XV6-JPVW-CX6Q...
CVE-2020-7730
The package bestzip before 2.1.7 are vulnerable to Command Injection via the options param...
@adobe/aem-site-template-builder (>=0.1.7 <=0.1.8), alexa-scripts (>=0.2.0 <=0.3.4) +4 more potentially affected by unknown CVE via bestzip (>=1.1.3 <=2.1.6)
bestzip NPM version =1.1.3, =0.1.7, =0.2.0, =1.0.0, =1.0.0, =0.0.1, =1.0.0, =1.0.2 Source cves: unknown CVE Source advisory: OSV:GHSA-4QQC-MP5F-CCV4...
GHSA-4QQC-MP5F-CCV4 Command Injection in bestzip
Versions of bestzip prior to 2.1.7 are vulnerable to Command Injection. The package fails to sanitize input rules and passes it directly to an exec call on the zip function . This may allow attackers to execute arbitrary code in the system as long as the values of destination is user-controlled...