
6 matches found

vulnersOsv
added 2022/08/03 12:0 a.m., 3 views

@cyber-insight/cyber-scripts (>=1.7.9 <=6.0.0-alpha.4), @cyber.insight/cyber-scripts (>=1.0.0 <=1.0.2) +4 more potentially affected by CVE-2020-7795 via get-npm-package-version (=1.0.6)

get-npm-package-version NPM version =1.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on get-npm-package-version and may be impacted:
- @cyber-insight/cyber-scripts =1.7.9, =1.0.0, =5.0.20, =1.0.0, =1.0.7
- temp-test-scripts =0.0.30
Source cves:...

CVSS 9.8 | AI score 7.2 | EPSS 0.04267
Exploits: 1

OSV
added 2022/08/03 12:0 a.m., 0 views

GHSA-4H66-VGHF-XG5X get-npm-package-version Command Injection vulnerability

The package get-npm-package-version before 1.0.7 is vulnerable to Command Injection via the main function in index.js...

CVSS 9.8 | AI score 5.9 | EPSS 0.04267
Exploits: 1 | References: 6

CVE
added 2022/08/02 1:27 p.m., 44 views

CVE-2020-7795

CVE-2020-7795 affects the npm package get-npm-package-version prior to 1.0.7. The vulnerability is a command injection flaw exploited via the main function in index.js, enabling arbitrary code execution. Public sources (e.g., Veracode, PSIRT notes) describe the issue as a command injection with i...

CVSS 9.8 | AI score 8.6 | EPSS 0.04267
Exploits: 1 | References: 4 | Affected Software: 1

CNNVD
added 2022/08/02 12:0 a.m., 1 view

get-npm-package-version Command Injection Vulnerability

get-npm-package-version is a package by the individual developer hoperyy, used to get the npm package version. A command injection vulnerability exists in get-npm-package-version before 1.0.7, which is caused by command injection via the main function in index.js...

CVSS 9.8 | AI score 8.3 | EPSS 0.04267
Exploits: 1 | References: 5

vulnersOsv
added 2020/12/11 2:18 p.m., 0 views

@cyber-insight/cyber-scripts (>=1.7.9 <=6.0.0-alpha.4), @cyber.insight/cyber-scripts (>=1.0.0 <=1.0.2) +4 more potentially affected by CVE-2020-7795 via get-npm-package-version (=1.0.6)

get-npm-package-version NPM version =1.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on get-npm-package-version and may be impacted:
- @cyber-insight/cyber-scripts =1.7.9, =1.0.0, =5.0.20, =1.0.0, =1.0.7
- temp-test-scripts =0.0.30
Source cves:...

CVSS 9.8 | AI score 7.2 | EPSS 0.04267
Exploits: 1

Snyk
added 2020/12/11 2:18 p.m., 1 view

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection via the main function in index.js.
PoC: var a = require("get-npm-package-version"); a("& touch JHU");
Remediation: Upgrade get-npm-package-version to version 1.0.7 or higher.
References: - GitHub Commit - NPM Package - Vulnerable...

CVSS 9.8 | AI score 7.1 | EPSS 0.04267
Exploits: 1 | References: 2