EUVD-2022-6025

Malicious code in bioql PyPI...

Command Injection

git-promise is vulnerable to command injection. The vulnerability exists in index.js due to an inappropriate fix for another vulnerability which allows an attacker to inject and execute arbitrary commands...

@apsis/cli (=0.5.0), @asmallstudio/utilities (>=0.2.2 <=0.3.3) +121 more potentially affected by CVE-2022-24376 via git-promise (>=0.2.0 <=1.0.0)

git-promise NPM version =0.2.0, =0.2.2, =1.1.8, =1.0.0, =2.0.0-beta.10, =1.0.13, =1.0.0, =0.0.8, =1.1.1 - @efox/eslint-config-react-prittier-ts =1.0.19 - @efox/pay =1.0.8 - @efox/plugin-babel-react =1.0.1 - @emfc/emfc-cli =1.1.0 and more Source cves: CVE-2022-24376 Source advisory:...