EUVD-2022-6466
Malicious code in bioql PyPI...
Command Injection
gitblame is vulnerable to command injection. The vulnerability exists because the module.export function of gitblame.js does not properly sanitize the file parameter inside the exec functionality, allowing an attacker to inject and execute malicious code...
gitblame susceptible to command injection
A command injection vulnerability affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js...
console-blame (>=1.0.0 <=1.1.1), grunt-lintblame (>=0.1.0 <=0.3.5) +2 more potentially affected by CVE-2020-28434 via gitblame (>=0.1.0 <=0.1.1)
gitblame NPM version =0.1.0, =1.0.0, =0.1.0, =0.2.5, =0.9.5 - tch-lint-jshint =0.0.1 Source cves: CVE-2020-28434 Source advisory: OSV:GHSA-3486-RVXC-HRRJ...
GHSA-3486-RVXC-HRRJ gitblame susceptible to command injection
A command injection vulnerability affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js...
CVE-2020-28434
This affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js...
CVE-2020-28434
CVE-2020-28434 affects all versions of the gitblame package. The root cause is a command injection in gitblame.js where the file parameter is not properly sanitized before using exec, enabling arbitrary code execution. Public documents corroborate that the vulnerability exists across all versions...
CVE-2020-28434 Command Injection
This affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js...
PT-2022-8890 · Gitblame · Gitblame
Name of the Vulnerable Software and Affected Versions: gitblame (affected versions not specified). Description: A command injection issue affects the package. The injection point is located in line 15 in lib/gitblame.js. Recommendations: At the moment, there is no information about a newer version...
Command Injection
Overview: gitblame is a package that uses git blame to find out who modified a file. Affected versions of this package are vulnerable to Command Injection. The injection point is located in line 15 in lib/gitblame.js. PoC: var a =require"gitblame"; a"& touch JHU",function Remediation: There is no...
console-blame (>=1.0.0 <=1.1.1), grunt-lintblame (>=0.1.0 <=0.3.5) +2 more potentially affected by CVE-2020-28434 via gitblame (>=0.1.0 <=0.1.1)
gitblame NPM version =0.1.0, =1.0.0, =0.1.0, =0.2.5, =0.9.5 - tch-lint-jshint =0.0.1 Source cves: CVE-2020-28434 Source advisory: SNYK:JS-GITBLAME-1050430...