4 matches found
@4players/odin-bot-sdk (>=0.1.0 <=0.4.4), @bhznjns/node-mp3-player (>=1.0.0 <=1.3.3) +39 more potentially affected by CVE-2020-7615 via fsa (>=0.3.1 <=0.5.1)
fsa NPM version =0.3.1, =0.1.0, =1.0.0, =1.0.0, =0.0.5, =0.0.1, =1.0.0, =0.0.1, =0.0.2, =1.2.2, =0.1.0, =1.0.4, =0.1.0, =0.1.0, =1.0.0, =2.0.0 - chiasenhac-music-bot =1.0.0 and more Source cves: CVE-2020-7615 Source advisory: OSV:GHSA-3P94-VJ97-FM4Q...
CVE-2020-7615
fsa through 0.5.1 is vulnerable to Command Injection. The first argument of 'execGitCommand', located within 'lib/rep.js63' can be controlled by users without any sanitization to inject arbitrary commands...
CVE-2020-7615
The CVE-2020-7615 entry concerns fsa (File system auditor) up to version 0.5.1. Connected sources provide concrete details: the vulnerability is an OS command injection in the first argument to execGitCommand() located in lib/rep.js (line 63). An attacker can supply unsanitized input to inject ar...
@4players/odin-bot-sdk (>=0.1.0 <=0.4.4), @bhznjns/node-mp3-player (>=1.0.0 <=1.3.3) +39 more potentially affected by CVE-2020-7615 via fsa (>=0.3.1 <=0.5.1)
fsa NPM version =0.3.1, =0.1.0, =1.0.0, =1.0.0, =0.0.5, =0.0.1, =1.0.0, =0.0.1, =0.0.2, =1.2.2, =0.1.0, =1.0.4, =0.1.0, =0.1.0, =1.0.0, =2.0.0 - chiasenhac-music-bot =1.0.0 and more Source cves: CVE-2020-7615 Source advisory: SNYK:JS-FSA-564118...