11 matches found
EUVD-2025-27152
Malicious code in bioql PyPI...
CVE-2025-57285
codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function lib/utils.js. The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary commands...
GHSA-34W8-MCWR-VG29 CodeceptJS's incomprehensive sanitation can lead to Command Injection
CodeceptJS versions 3.5.0 through 3.7.5-beta.18 contain a command injection vulnerability in the emptyFolder function lib/utils.js. The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary...
Arbitrary Command Injection
Overview: codeceptjs is a Supercharged End 2 End Testing Framework for NodeJS. Affected versions of this package are vulnerable to Arbitrary Command Injection via the emptyFolder function. An attacker can execute arbitrary system commands by supplying crafted input to the directoryPath parameter...
CodeceptJS's incomprehensive sanitation can lead to Command Injection
CodeceptJS versions 3.5.0 through 3.7.5-beta.18 contain a command injection vulnerability in the emptyFolder function lib/utils.js. The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary...
CVE-2025-57285
codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function lib/utils.js. The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary commands...
CVE-2025-57285
codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function lib/utils.js. The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary commands...
CVE-2025-57285
CVE-2025-57285 affects CodeceptJS 3.7.3, where the emptyFolder function in lib/utils.js uses execSync with a user-controlled directoryPath unsafely, enabling potential command execution. The IBM and OSSV/GHSA entries corroborate the vulnerability in CodeceptJS and note versions around 3.5.0–3.7.5...
CVE-2025-57285
codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function lib/utils.js. The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary commands...
CVE-2025-57285
codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function lib/utils.js. The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary commands...
PT-2025-36489
Name of the Vulnerable Software and Affected Versions: codeceptjs version 3.7.3. Description: codeceptjs version 3.7.3 contains a command injection issue in the emptyFolder function located in lib/utils.js. The execSync command directly concatenates the user-controlled directoryPath parameter...