6 matches found
CVE-2022-24377
The vulnerability CVE-2022-24377 affects the JavaScript package cycle-import-check, specifically versions prior to 1.3.2. The root cause is improper sanitization in the writeFileToTmpDirAndOpenIt function, which enables Command Injection when untrusted input is processed. Impact is high, with the...
CVE-2022-24377 Command Injection
The package cycle-import-check before 1.3.2 is vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization...
Command injection
The package cycle-import-check before 1.3.2 is vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization...
cycle-import-check Operating System Command Injection Vulnerability
cycle-import-check is a JS module cyclic dependency checking tool by individual developer Theo Sun. Versions of cycle-import-check prior to 1.3.2 suffer from an operating system command injection vulnerability that stems from improper sanitization of user input and is susceptible to command injection via...
PT-2022-16655 · Unknown · Cycle-Import-Check
Name of the Vulnerable Software and Affected Versions: cycle-import-check versions prior to 1.3.2. Description: The issue is related to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization. This allows for potential exploitation. No information is...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization. PoC (js): var root = require("cycle-import-check"); root.writeFileToTmpDirAndOpenIt("& touch JHU ", "aaa"); Remediation: Upgrade...