7 matches found
EUVD-2022-0042
Malicious code in bioql PyPI...
SUSE CVE-2019-10800
This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being provided to the popen method...
GHSA-H3QR-FJHM-JPHW Codecov does not sanitize gcov arguments
This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being provided to the popen method...
PYSEC-2022-238
This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being provided to the popen method...
Security feature bypass
This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being provided to the popen method...
GHSA-MH2H-6J8Q-X246 Improper Neutralization of Special Elements in Output Used by a Downstream Component in Codecov
Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument...
Command Injection
Overview: codecov is a Python report uploader for Codecov. Affected versions of this package are vulnerable to Command Injection. The vulnerability occurs due to not sanitizing gcov arguments before being provided to the popen method. PoC by Snyk: codecov --gcov-args='& echo test vuln1.txt'...