Acrontum Filesystem-Template Package Command Injection (CVE-2022-21186)

A command injection vulnerability exists in Acrontum Filesystem-Template package. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

@acrontum/filesystem-template vulnerable to Command Injection due to fetchRepo API missing sanitization

The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input...

Remote Code Execution (RCE)

filesystem-template is vulnerable to remote code execution. The vulnerability exists because it does not escape incoming URL parameters in the fetchRepo API, allowing an attacker to pass and execute malicious code via it...

CVE-2022-21186 Arbitrary Command Injection

The package @acrontum/filesystem-template before 0.0.2 are vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input...

CVE-2022-21186

The package @acrontum/filesystem-template before 0.0.2 are vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input...

Acrontum filesystem-template 安全漏洞

Acrontum filesystem-template is a filesystem template from the German company Acrontum. A security vulnerability exists in Acrontum filesystem-template versions prior to 0.0.2 that stems from vulnerability to arbitrary command injection...

Arbitrary Command Injection

Overview @acrontum/filesystem-template is a Filesystem templating engine and project scaffolding tool Affected versions of this package are vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input. PoC: js const filesys =...