8 matches found
EUVD-2020-0290
Malware in sbrugna...
CVE-2020-7596
Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument...
GHSA-5Q88-CJFQ-G2MH codecov NPM module allows remote attackers to execute arbitrary commands
codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...
Remote Code Execution (RCE)
codecov is vulnerable to remote code execution RCE. Due to an incomplete fix of CVE-2020-7596, the gcov-root and ather parameters are not sanitized properly and being executed in the exe function of lib/codecov.js, allowing an attacker to trigger RCE...
CVE-2020-7597
codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...
CVE-2020-7597
codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...
CVE-2020-7596
CVE-2020-7596 affects the codecov-node npm module and its code path that processes the gcov-args/gcov-root argument. Multiple connected sources confirm that codecov-node prior to 3.6.5 (and originally up to 3.6.2 for the core CVE-2020-7596 fix) allows remote attackers to execute arbitrary command...
@dpjayasekara/tscore (>=0.0.1 <=0.1.1), @futagoza/dev (=0.0.0) +14 more potentially affected by CVE-2020-7596 via codecov (>=3.0.0 <=3.6.1)
codecov NPM version =3.0.0, =0.0.1, =0.0.29, =1.0.10, =1.0.18, =1.0.0, =1.7.0, =1.0.1, =1.0.8, =1.17.0, =1.15.3, =3.0.0, =1.0.14, =4.4.1-beta.1, =6.0.0-beta.0 and more Source cves: CVE-2020-7596 Source advisory: SNYK:JS-CODECOV-543183...