Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the parsing of maliciously crafted Git repository data, such as .pack, .idx, or loose objects. An attacker can cause the application to panic by providing a payload that excee...

Malicious code in tempo-layout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 795bf7080d27cef141114dd46b5734c136f762933a43f2d1308e82547c5f99a6 [email protected] ships a preinstall hook poc.js that unconditionally collects host identity os.hostname, whoami, id, network configuration...

CVE-2020-7619

get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data...

EUVD-2021-1220

Malware in sbrugna...

Command injection in get-git-data

get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data...

sizemometer (>=0.0.3 <=0.8.1) potentially affected by CVE-2020-7619 via get-git-data (>=1.0.3 <=1.3.1)

get-git-data NPM version =1.0.3, =0.0.3, =0.8.1 Source cves: CVE-2020-7619 Source advisory: OSV:GHSA-WJ6H-7CHW-X4H2...

GHSA-WJ6H-7CHW-X4H2 Command injection in get-git-data

get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data...

OS Command Injection

get-git-data is vulnerable to OS command injection. The vulnerability exists as the values of cmd is not sanitized...

get-git-data injection vulnerability

get-git-data is a package for accessing Git version information. An injection vulnerability exists in get-git-data 1.3.1 and earlier versions, which stems from a lack of proper validation of user input data. A remote attacker can exploit this vulnerability by sending specially crafted parameters ...

CVE-2020-7619

get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data...

CVE-2020-7619

get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data...

CVE-2020-7619

get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data...

CVE-2020-7619

CVE-2020-7619 affects the Node.js package get-git-data up to version 1.3.1. The issue is a Command Injection vulnerability: user-supplied arguments to get-git-data can lead to arbitrary command execution. Multiple connected sources confirm the vulnerability and link it to the lack of input valida...

sizemometer (>=0.3.0 <=0.8.1) potentially affected by CVE-2020-7619 via get-git-data (>=1.3.0 <=1.3.1)

get-git-data NPM version =1.3.0, =0.3.0, =0.8.1 Source cves: CVE-2020-7619 Source advisory: SNYK:JS-GETGITDATA-564222...