EUVD-2021-0833

Malware in sbrugna...

CVE-2019-10801

enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization...

OS Command Injection in enpeem

enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization...

GHSA-HMW2-MVVH-JF5J OS Command Injection in enpeem

enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization...

@luantm/strapi (=1.0.1), @mikermcneil/kit (>=1.1.2 <=1.3.12) +53 more potentially affected by CVE-2019-10801 via enpeem (>=0.1.1 <=2.2.0)

enpeem NPM version =0.1.1, =1.1.2, =0.10.2, =0.0.2, =0.0.1, =0.1.1, =0.6.3, =1.0.0, =0.0.10, =0.0.5, =0.0.19 and more Source cves: CVE-2019-10801 Source advisory: OSV:GHSA-HMW2-MVVH-JF5J...

Remote Code Execution (RCE)

enpeem is vulnerable to remote code execution. An attacker is able to inject malicious code inside a cmd command due to an unsanitized user input...

Enpeem Command Execution Vulnerability

Enpeem is a lightweight package for programmatically accessing NPM. A security vulnerability exists in Enpeem 2.2.0 and earlier versions, which originates when the program sends the 'options.dir' parameter directly to the 'exec' function without performing any cleanup operations. The vulnerabilit...

Remote Code Execution (RCE)

enpeem is vulnerable to remote code execution. The attack is possible because the options.dir values are not escaped, allowing an attacker to inject and execute arbitrary commands via the exec function...

CVE-2019-10801

enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization...

CVE-2019-10801

enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization...

Design/Logic Flaw

enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization...

CVE-2019-10801

CVE-2019-10801 affects enpeem up to version 2.2.0. The vulnerability arises because the options.dir parameter is passed directly to the exec function without sanitization, enabling potential remote command execution. Documented impact is arbitrary command execution with high/severe impact metrics...

CVE-2019-10801

enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization...

@luantm/strapi (=1.0.1), @mikermcneil/kit (>=1.1.2 <=1.3.12) +53 more potentially affected by CVE-2019-10801 via enpeem (>=0.1.1 <=2.2.0)

enpeem NPM version =0.1.1, =1.1.2, =0.10.2, =0.0.2, =0.0.1, =0.1.1, =0.6.3, =1.0.0, =0.0.10, =0.0.5, =0.0.19 and more Source cves: CVE-2019-10801 Source advisory: SNYK:JS-ENPEEM-559007...

Command Injection

Overview enpeem is a lightweight wrapper for accessing npm programmatically alternative to adding npm as a dependency Affected versions of this package are vulnerable to Command Injection. The options.dir argument is provided to the exec function without any sanitization. PoC By JHU System Securi...