14 matches found
EUVD-2023-1813
Malicious code in bioql PyPI...
CVE-2023-26134
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once...
VulnCheck KEV: CVE-2023-26134
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands...
@saithodev/ts-appversion (>=1.3.0 <=2.1.2), ng-appversion (=1.3.0) +1 more potentially affected by CVE-2023-26134 via git-commit-info (=1.1.0)
git-commit-info NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on git-commit-info and may be impacted: - @saithodev/ts-appversion =1.3.0, =1.0.0, =2.0.3 Source cves: CVE-2023-26134 Source advisory: OSV:GHSA-H42J-MRMP-9369...
GHSA-H42J-MRMP-9369 git-commit-info vulnerable to Command Injection
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject arguments to the git...
git-commit-info vulnerable to Command Injection
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject arguments to the git...
CVE-2023-26134
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once...
CVE-2023-26134
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once...
Command injection
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once...
CVE-2023-26134
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once...
CVE-2023-26134
CVE-2023-26134 affects the npm package git-commit-info prior to version 2.0.2. The vulnerability is a Command Injection in the exported gitCommitInfo() function where the commit parameter is not properly sanitized, allowing untrusted input to flow into a sensitive command execution API. Exploitat...
git-commit-info 命令注入漏洞
git-commit-info is a library by Jan Peer Stöcklmair Personal Developer. Get all the information about a specific commit. A security vulnerability exists in git-commit-info versions prior to 2.0.2, which stems from the presence of a command injection vulnerability...
PT-2023-20513 · Unknown · Git-Commit-Info
Name of the Vulnerable Software and Affected Versions: git-commit-info versions prior to 2.0.2 Description: The issue arises from the gitCommitInfo method failing to sanitize its commit parameter, which later flows into a sensitive command execution API. This allows attackers to inject malicious...
Command Injection
Overview git-commit-info is a Get the info of an specific commit hash Affected versions of this package are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a...