@142vip/egg (=0.0.1-alpha.1), @142vip/egg-axios (=0.0.1-alpha.1) +215 more potentially affected by CVE-2018-3786 via egg-scripts (>=1.2.0 <=2.6.0)

egg-scripts NPM version =1.2.0, =0.1.3-alpha.0, =0.1.0-alpha.0, =0.1.1-alpha.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.2, =0.0.8, =1.0.1, =1.0.2 and more Source cves: CVE-2018-3786 Source advisory: OSV:GHSA-C9J3-WQPH-5XX9...

egg-scripts command injection vulnerability

egg-scripts is a deployment tool for deploying, running and managing egg projects. A command injection vulnerability exists in egg-scripts versions prior to 2.8.1. The vulnerability can be exploited to execute arbitrary shell commands with the help of maliciously crafted command line arguments...

CVE-2018-3786

A command injection vulnerability in egg-scripts v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument...