7 matches found
CVE-2020-7597
codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...
OS Command Injection
codecov is vulnerable to OS command injection. The vulnerability exists as it was possibly to use backticks "" to bypass the sanitizer. This issue is related to CVE-2020-7597...
Command injection in codecov (npm package)
Impact The upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE was issued: CVE-2020-7597, but the fix was incomplete. It only blocked &, and...
CVE-2020-15123 Command injection in codecov (npm package)
In codecov npm package before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE CVE-2020-7597 for GHSA-5q88-cjfq-g2mh was...
@authereum/resolution (>=1.10.4 <=1.10.4-beta.4), @chemistry/crystalview (>=1.0.8 <=1.0.9) +144 more potentially affected by CVE-2020-15123 +1 more via codecov (>=1.0.1 <=3.6.1)
codecov NPM version =1.0.1, =1.10.4, =1.0.8, =1.0.0, =0.0.1, =0.0.1, =0.1.2-dev-1, =1.0.0, =0.0.29, =1.0.0, =1.0.10, =1.0.18, =1.0.0, =1.0.12 and more Source cves: CVE-2020-15123, CVE-2020-7597 Source advisory: OSV:GHSA-5Q88-CJFQ-G2MH...
CVE-2020-7597
codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...
CVE-2020-7597
CVE-2020-7597 (codecov-node) affects the npm package codecov-node before 3.6.5. The issue allows remote attackers to execute arbitrary commands because the value passed as part of the gcov-root argument is executed by the exec function in lib/codecov.js. Root cause is an incomplete fix of CVE-202...