EUVD-2022-6236

Malicious code in bioql PyPI...

Command Injection

deferred-exec is vulnerable to command injection. The vulnerability exists in deferredChildProcess function in deferred-exec.js because the command execution is not properly validated which allows an attacker to inject and execute malicious commands...

bear (=0.1.0), proud-badge (>=0.0.1 <=0.0.5) +1 more potentially affected by CVE-2020-28438 via deferred-exec (=0.3.1)

deferred-exec NPM version =0.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on deferred-exec and may be impacted: - bear =0.1.0 - proud-badge =0.0.1, =0.0.1, =0.0.4 Source cves: CVE-2020-28438 Source advisory: OSV:GHSA-54W4-2F2P-F48H...

deferred-exec Command Injection vulnerability

A command injection vulnerability affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js...

GHSA-54W4-2F2P-F48H deferred-exec Command Injection vulnerability

A command injection vulnerability affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js...

Code injection

This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js...

CVE-2020-28438 Command Injection

This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js...

CVE-2020-28438

CVE-2020-28438 affects all versions of the npm package deferred-exec. The vulnerability is a command injection in the deferred-exec.js file, with the injection point at line 42 in lib/deferred-exec.js. Multiple sources describe the issue as a command injection affecting the package, without detai...

PT-2022-8894 · Unknown · Deferred-Exec

Name of the Vulnerable Software and Affected Versions: deferred-exec affected versions not specified Description: A command injection issue affects the package. The injection point is located in line 42 in lib/deferred-exec.js. Recommendations: At the moment, there is no information about a newer...

deferred-exec 命令注入漏洞

deferred-exec is a tool for running exec commands by Dan Heberden, an individual developer in the United States. A security vulnerability exists in deferred-exec, which stems from a command injection attack injection point in deferred-exec.js...

bear (=0.1.0), proud-badge (>=0.0.1 <=0.0.5) +1 more potentially affected by CVE-2020-28438 via deferred-exec (=0.3.1)

deferred-exec NPM version =0.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on deferred-exec and may be impacted: - bear =0.1.0 - proud-badge =0.0.1, =0.0.1, =0.0.4 Source cves: CVE-2020-28438 Source advisory: SNYK:JS-DEFERREDEXEC-1050433...

Command Injection

Overview deferred-exec is a tool to run exec commands. Lets you use exec, execFile and spawn in a sane way. Affected versions of this package are vulnerable to Command Injection. The injection point is located in line 42 in lib/deferred-exec.js PoC var a = require"deferred-exec"; a" touch JHU ",;...