Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:10 p.m.9 views

CVE-2020-7597

codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...

8.8CVSS7.3AI score0.02918EPSS
Exploits2References1
Veracode
Veracode
added 2020/07/21 1:33 a.m.21 views

OS Command Injection

codecov is vulnerable to OS command injection. The vulnerability exists as it was possibly to use backticks "" to bypass the sanitizer. This issue is related to CVE-2020-7597...

9.3CVSS3AI score0.03805EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/20 5:20 p.m.42 views

Command injection in codecov (npm package)

Impact The upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE was issued: CVE-2020-7597, but the fix was incomplete. It only blocked &, and...

9.3CVSS0.9AI score0.03805EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2020/07/20 5:20 p.m.42 views

CVE-2020-15123 Command injection in codecov (npm package)

In codecov npm package before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE CVE-2020-7597 for GHSA-5q88-cjfq-g2mh was...

9.3CVSS9.6AI score0.03805EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2020/02/19 5:29 p.m.7 views

@authereum/resolution (>=1.10.4 <=1.10.4-beta.4), @chemistry/crystalview (>=1.0.8 <=1.0.9) +144 more potentially affected by CVE-2020-15123 +1 more via codecov (>=1.0.1 <=3.6.1)

codecov NPM version =1.0.1, =1.10.4, =1.0.8, =1.0.0, =0.0.1, =0.0.1, =0.1.2-dev-1, =1.0.0, =0.0.29, =1.0.0, =1.0.10, =1.0.18, =1.0.0, =1.0.12 and more Source cves: CVE-2020-15123, CVE-2020-7597 Source advisory: OSV:GHSA-5Q88-CJFQ-G2MH...

9.3CVSS7.2AI score0.03805EPSS
Exploits2
OSV
OSV
added 2020/02/17 7:15 p.m.22 views

CVE-2020-7597

codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...

8.8CVSS9.5AI score
Exploits0References2
CVE
CVE
added 2020/02/17 6:48 p.m.63 views

CVE-2020-7597

CVE-2020-7597 (codecov-node) affects the npm package codecov-node before 3.6.5. The issue allows remote attackers to execute arbitrary commands because the value passed as part of the gcov-root argument is executed by the exec function in lib/codecov.js. Root cause is an incomplete fix of CVE-202...

8.8CVSS9.1AI score0.02918EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder