9 matches found
EUVD-2023-0667
Malicious code in bioql PyPI...
Command Injection
jtrussell/semver-tags is vulnerable to Command Injection. The vulnerability exists due to improper user-input sanitization in the getGitTagsRemote function, which allows an attacker to execute arbitrary commands...
CVE-2022-25853
All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization...
GHSA-8H3G-HCWP-6HXQ
semver-tags is vulnerable to Command Injection via the getGitTagsRemote function
All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization...
CVE-2022-25853
All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization...
CVE-2022-25853
All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization...
CVE-2022-25853
All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization...
semver-tags security vulnerability
semver-tags is jtrussell's personal developer tool for obtaining semver tags for repos. A security vulnerability exists in semver-tags, which stems from improper sanitization of user input. An attacker can exploit this vulnerability to perform command injection via the getGitTagsRemote function...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization. PoC js var r = require"semver-tags" opt = "repoType":"git","repoPath":"";touch EXPLOITED;"" finalCb = console.log ropt,finalCb Remediation There is...