8 matches found
EUVD-2022-0042
Malicious code in bioql PyPI...
CVE-2020-15123
In codecov npm package before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE CVE-2020-7597 for GHSA-5q88-cjfq-g2mh was...
codecov 参数注入漏洞
codecov is a specialized code coverage solution open-sourced by codecov. A security vulnerability exists in codecov versions prior to 2.0.16, which stems from not cleaning up the gcov parameter before supplying it to the popen method...
GHSA-MH2H-6J8Q-X246 Improper Neutralization of Special Elements in Output Used by a Downstream Component in Codecov
Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument...
@aliyun-sls/sql (>=0.2.9 <=0.3.10-dev-18), @authereum/resolution (>=1.10.4 <=1.10.4-beta.4) +168 more potentially affected by CVE-2020-15123 via codecov (>=1.0.1 <=3.7.0)
codecov NPM version =1.0.1, =0.2.9, =1.10.4, =0.1.3-alpha.0, =0.1.19-alpha.0, =0.1.11-alpha.0, =0.1.3-alpha.0, =1.0.8, =2.0.5, =1.0.0, =1.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2020-15123 Source advisory: OSV:GHSA-XP63-6VF5-XF3V...
@aliyun-sls/sql (>=0.2.9 <=0.3.10-dev-18), @authereum/resolution (>=1.10.4 <=1.10.4-beta.4) +161 more potentially affected by CVE-2020-15123 +1 more via codecov (>=1.0.1 <=3.6.1)
codecov NPM version =1.0.1, =0.2.9, =1.10.4, =1.0.8, =2.0.5, =1.0.0, =1.0.1, =0.0.1, =0.0.1, =0.1.2-dev-1, =1.0.0, =0.0.29, =1.0.0, =1.2.1 and more Source cves: CVE-2020-15123, CVE-2020-7597 Source advisory: OSV:GHSA-5Q88-CJFQ-G2MH...
@aliyun-sls/sql (>=0.2.9 <=0.3.10-dev-18), @dpjayasekara/tscore (>=0.0.1 <=0.1.1) +29 more potentially affected by CVE-2020-7596 +1 more via codecov (>=3.0.0 <=3.6.1)
codecov NPM version =3.0.0, =0.2.9, =0.0.1, =0.0.29, =1.0.10, =1.0.18, =1.0.0, =1.7.0, =1.0.1, =1.0.8, =0.1.1, =0.1.6, =0.1.1, =0.0.1, =1.17.0, =1.22.16 and more Source cves: CVE-2020-7596, CVE-2020-7597 Source advisory: SNYK:JS-CODECOV-548879...
@aliyun-sls/sql (>=0.2.9 <=0.3.10-dev-18), @dpjayasekara/tscore (>=0.0.1 <=0.1.1) +29 more potentially affected by CVE-2020-7596 via codecov (>=3.0.0 <=3.6.1)
codecov NPM version =3.0.0, =0.2.9, =0.0.1, =0.0.29, =1.0.10, =1.0.18, =1.0.0, =1.7.0, =1.0.1, =1.0.8, =0.1.1, =0.1.6, =0.1.1, =0.0.1, =1.17.0, =1.22.16 and more Source cves: CVE-2020-7596 Source advisory: SNYK:JS-CODECOV-543183...