EUVD-2022-3981

Malicious code in bioql PyPI...

3a-server (>=0.7.41 <=0.9.10), 3a-server-mongo (>=0.1.0-beta.1 <=1.0.0-beta.1) +457 more potentially affected by CVE-2020-7645 via chrome-launcher (>=0.10.0 <=0.13.1)

chrome-launcher NPM version =0.10.0, =0.7.41, =0.1.0-beta.1, =0.1.3, =0.0.3, =5.0.0, =5.0.0, =5.0.0, =0.0.1, =0.1.0, =1.0.2, =2.0.1-pr.52, =0.0.1-alpha.1, =0.1.0, =0.0.1, =2.6.0, =5.0.0 and more Source cves: CVE-2020-7645 Source advisory: OSV:GHSA-GP2J-MG4W-2RH5...

chrome-launcher subject to OS Command Injection

chrome-launcher prior to 0.13.2 is subject to OS Command Injection via the $HOME environment variable in Linux operating systems. This issue is patched in version 0.13.2...

GHSA-GP2J-MG4W-2RH5 chrome-launcher subject to OS Command Injection

chrome-launcher prior to 0.13.2 is subject to OS Command Injection via the $HOME environment variable in Linux operating systems. This issue is patched in version 0.13.2...

Command Injection

chrome-launcher is vulnerable to Command Injection. The vulnerability exists because an attacker can get control of the $HOME environment variable in Linux operating systems, leading to an execution of malicious command...

CVE-2020-7645

All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems...

Google chrome-launcher OS command injection vulnerability

Google chrome-launcher is a launcher for launching the Chrome browser from Node.js by Google USA. An operating system command injection vulnerability exists in Google chrome-launcher all versions, which can be exploited to execute arbitrary commands by controlling the $ HOME environment variable ...

CVE-2020-7645

All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems...

CVE-2020-7645

All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems...

Design/Logic Flaw

All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems...

CVE-2020-7645

CVE-2020-7645 affects chrome-launcher and enables OS command injection by manipulating the HOME environment variable on Linux. The issue exists in all versions prior to the patch, with remediation documented as upgrading to version 0.13.2 or later. Reports from GHSA and Veracode describe the vuln...

CVE-2020-7645

All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems...

Command Injection

Overview chrome-launcher is a library to launch Google Chrome with ease from node. Affected versions of this package are vulnerable to Command Injection. By controlling the $HOME environment variable in Linux operating systems, an attacker can execute arbitrary code. PoC: var maliciouscode = '&...

3a-server (>=0.7.41 <=0.9.10), 3a-server-mongo (>=0.1.0-beta.1 <=1.0.0-beta.1) +457 more potentially affected by CVE-2020-7645 via chrome-launcher (>=0.10.0 <=0.13.1)

chrome-launcher NPM version =0.10.0, =0.7.41, =0.1.0-beta.1, =0.1.3, =0.0.3, =5.0.0, =5.0.0, =5.0.0, =0.0.1, =0.1.0, =1.0.2, =2.0.1-pr.52, =0.0.1-alpha.1, =0.1.0, =0.0.1, =2.6.0, =5.0.0 and more Source cves: CVE-2020-7645 Source advisory: SNYK:JS-CHROMELAUNCHER-537575...