13 matches found
EUVD-2022-5610
Malicious code in bioql PyPI...
GHSA-WP3J-GV53-4PG8 fs-git command injection vulnerability
fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on childprocess.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...
css-semdiff (>=1.0.0 <=1.1.0), dtsm (>=0.0.1 <=1.1.0) +6 more potentially affected by CVE-2017-1000451 via fs-git (>=0.1.1 <=1.0.1)
fs-git NPM version =0.1.1, =1.0.0, =0.0.1, =0.1.1, =1.0.0, =1.0.8, =0.1.0, =0.0.3, =0.0.11 Source cves: CVE-2017-1000451 Source advisory: OSV:GHSA-WP3J-GV53-4PG8...
fs-git command injection vulnerability
fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on childprocess.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...
Duplicate Advisory: Command Injection in fs-git
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-wp3j-gv53-4pg8. This link is maintained to preserve external references. Original Description: Affected versions of fs-git do not sanitize strings passed into the buildCommand method, resulting in arbitrary code...
GHSA-QR32-J4J6-3M7R Duplicate Advisory: Command Injection in fs-git
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-wp3j-gv53-4pg8. This link is maintained to preserve external references. Original Description: Affected versions of fs-git do not sanitize strings passed into the buildCommand method, resulting in arbitrary code...
fs-git command injection vulnerability
fs-git is an open source API file system. A command injection vulnerability exists in fs-git version 1.0.1. The vulnerability stems from the buildCommand method, used to create the exec string, failing to filter data properly, which can be exploited by an attacker to inject commands and call exec...
Command Injection
fs-git is vulnerable to command injection attacks. These attacks are possible because the buildCommand function doesn't sanitize data before constructing exec strings, allowing attackers to insert and execute commands...
CVE-2017-1000451
fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on childprocess.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...
Command injection
fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on childprocess.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...
CVE-2017-1000451
CVE-2017-1000451 affects fs-git version 1.0.1, a file-system-like API for Git repositories. The root cause is the buildCommand function used to construct exec strings not sanitizing input, making any code path that calls child_process.exec vulnerable to command injection. This could allow an atta...
CVE-2017-1000451
fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on childprocess.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...
Command Injection
Overview: Affected versions of fs-git do not sanitize strings passed into the buildCommand method, resulting in arbitrary code execution. Recommendation: Update to version 1.0.2 or later. References: Commit eb5f70e, GitHub Advisory...