8 matches found
CVE-2021-26275
The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted...
@jheubuch/ng-ws-template (>=1.0.1 <=1.0.2), pg-generator (>=3.5.0 <=4.8.3) +1 more potentially affected by CVE-2021-26275 via eslint-fixer (=0.1.5)
eslint-fixer NPM version =0.1.5 is affected by a known vulnerability. The following packages have a transitive dependency on eslint-fixer and may be impacted: - @jheubuch/ng-ws-template =1.0.1, =3.5.0, =4.8.3 - pg-generator-react-template =0.1.0 Source cves: CVE-2021-26275 Source advisory:...
Command injection in eslint-fixer
The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted...
GHSA-45W5-PVR8-4RH5 Command injection in eslint-fixer
The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted...
Arbitrary Code Execution
eslint-fixer is vulnerable to arbitrary code execution. The vulnerability exists through the lack of sanitization on the input to the childprocess.exec method...
CVE-2021-26275
The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted...
CVE-2021-26275
The CVE-2021-26275 entry concerns the eslint-fixer package for Node.js, up to version 0.1.5. The root cause is command injection via shell metacharacters in the fix() function, enabling arbitrary code execution. Affected software is eslint-fixer (maintained by ozum) with repository reportedly del...
PT-2021-16985 · Unknown · Eslint-Fixer
Name of the Vulnerable Software and Affected Versions: eslint-fixer versions 0.1.5 and earlier Description: The issue allows command injection via shell metacharacters to the fix function. This affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repositor...