4 matches found
CVE-2019-10807
Blamer versions prior to 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer...
@caiwenshu/cqc (>=0.5.2 <=0.5.3), @dimax-ar/dimax-scripts (>=1.0.0-alpha.1 <=1.0.0-alpha.8) +31 more potentially affected by CVE-2019-10807 via blamer (=0.1.13)
blamer NPM version =0.1.13 is affected by a known vulnerability. The following packages have a transitive dependency on blamer and may be impacted: - @caiwenshu/cqc =0.5.2, =1.0.0-alpha.1, =0.30.66, =1.0.0, =1.0.15, =1.0.5, =1.0.0, =1.0.0, =1.0.5, =1.4.19, =1.0.1, =1.0.0, =0.0.1, =0.0.2 and more...
CVE-2019-10807
Blamer (software) is affected by an OS command injection vulnerability. In versions prior to 1.0.1, user-provided arguments to Blamer can be exploited to execute arbitrary commands on the system. The root cause is improper handling of input that enables injection via the command execution path. I...
CVE-2019-10807
Blamer versions prior to 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer...