EUVD-2018-0451

Malicious code in bioql PyPI...

Command Injection in egg-scripts

Versions of egg-scripts before 2.8.1 are vulnerable to command injection. This is only exploitable if a malicious argument is provided on the command line. Example: eggctl start --daemon --stderr='/tmp/eggctlstderr.log; touch /tmp/malicious' Recommendation Update to version 2.8.1 or later...

@142vip/egg (=0.0.1-alpha.1), @142vip/egg-axios (=0.0.1-alpha.1) +215 more potentially affected by CVE-2018-3786 via egg-scripts (>=1.2.0 <=2.6.0)

egg-scripts NPM version =1.2.0, =0.1.3-alpha.0, =0.1.0-alpha.0, =0.1.1-alpha.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.2, =0.0.8, =1.0.1, =1.0.2 and more Source cves: CVE-2018-3786 Source advisory: OSV:GHSA-C9J3-WQPH-5XX9...

GHSA-C9J3-WQPH-5XX9 Command Injection in egg-scripts

Versions of egg-scripts before 2.8.1 are vulnerable to command injection. This is only exploitable if a malicious argument is provided on the command line. Example: eggctl start --daemon --stderr='/tmp/eggctlstderr.log; touch /tmp/malicious' Recommendation Update to version 2.8.1 or later...

egg-scripts command injection vulnerability

egg-scripts is a deployment tool for deploying, running and managing egg projects. A command injection vulnerability exists in egg-scripts versions prior to 2.8.1. The vulnerability can be exploited to execute arbitrary shell commands with the help of maliciously crafted command line arguments...

CVE-2018-3786

A command injection vulnerability in egg-scripts v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument...

CVE-2018-3786

A command injection vulnerability in egg-scripts v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument...

Command injection

A command injection vulnerability in egg-scripts v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument...

CVE-2018-3786

CVE-2018-3786 affects egg-scripts prior to 2.8.1. A crafted command line argument enables command injection, allowing arbitrary shell command execution. Impact, per sources, is remote code execution in affected setups; exploitability is via untrusted input passed to egg-scripts. Remediation: upgr...

Command Injection

Overview Versions of egg-scripts before 2.8.1 are vulnerable to command injection. This is only exploitable if a malicious argument is provided on the command line. Example: eggctl start --daemon --stderr='/tmp/eggctlstderr.log; touch /tmp/malicious' Recommendation Update to version 2.8.1 or late...

PT-2018-16203 · Egg · Egg-Scripts

Name of the Vulnerable Software and Affected Versions: egg-scripts versions prior to 2.8.1 Description: A command injection issue allows arbitrary shell command execution through a maliciously crafted command line argument. This is only exploitable if a malicious argument is provided on the comma...

Node.js third-party modules: [egg-scripts] Command injection

I would like to report a command injection vulnerability in egg-scripts. It allows arbitrary shell command execution through a maliciously crafted command line argument. Module module name: egg-scripts version: 2.6.0 npm page: https://www.npmjs.com/package/egg-scripts Module Description "deploy...