15 matches found
EUVD-2023-0792
Malicious code in bioql PyPI...
CVE-2022-25908
All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization...
Command Injection
create-choo-electron is vulnerable to Command Injection. The vulnerability exists due to improper user-input sanitization in the devInstall function, which allows an attacker to execute arbitrary commands...
GHSA-RJ7M-2P3G-FJXG create-choo-app3 is vulnerable to Command Injection via the devInstall function
All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization...
create-choo-app3 is vulnerable to Command Injection via the devInstall function
All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization...
CVE-2022-25855
All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization...
CVE-2022-25855
The CVE-2022-25855 entry concerns the npm package create-choo-app3, with a documented Command Injection vulnerability in the devInstall function due to improper user-input sanitization. Multiple connected sources (Red Hat, GHSA, OSV, CNVD, SNYK, CVE lists) confirm the issue affects all versions a...
npm create-choo-app3 security vulnerability
npm create-choo-app3 is a library from npm (USA) used to create a new choo application. A security vulnerability exists in create-choo-app3 that stems from improper sanitization of user input. An attacker can exploit the vulnerability to perform command injection via the devInstall function...
Command Injection in create-choo-electron
All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization...
CVE-2022-25908
All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization...
CVE-2022-25908
CVE-2022-25908 affects the Node.js module create-choo-electron, with all versions vulnerable to Command Injection via the devInstall function due to improper input validation. Connected IBM advisories tie this to IBM Storage Ceph and IBM Maximo MAS deployments, describing feasible command executi...
CVE-2022-25908
All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization...
PT-2023-12833 · Unknown · Create-Choo-Electron
Name of the Vulnerable Software and Affected Versions: create-choo-electron, all versions. Description: The issue arises from improper user-input sanitization, making all versions of the package susceptible to Command Injection via the devInstall function. Recommendations: For all versions, conside...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. PoC (js): var root = require"create-choo-electron" root.devInstall"./","& touch JHU",function Remediation: There is no fixed version for...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. PoC (js): var root = require"create-choo-app3" root.devInstall"./","& touch JHU",function Remediation: There is no fixed version for create-choo-app3...