5 matches found
EUVD-2022-6257
Malicious code in bioql PyPI...
chewb-server (>=0.0.1 <=0.0.20), video-dash-uploader (>=0.0.1 <=0.0.4) +1 more potentially affected by CVE-2020-28436 via google-cloudstorage-commands (=0.0.1)
google-cloudstorage-commands NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on google-cloudstorage-commands and may be impacted: - chewb-server =0.0.1, =0.0.1, =0.0.1, =0.0.2 Source cves: CVE-2020-28436 Source advisory:...
google-cloudstorage-commands Command Injection vulnerability
A command injection vulnerability affects all versions of the deprecated package google-cloudstorage-commands...
CVE-2020-28436
This affects all versions of package google-cloudstorage-commands...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection.
PoC: var root = require("google-cloudstorage-commands"); root.upload("./", "& touch JHU", true);
Remediation: There is no fixed version for google-cloudstorage-commands.
References - Vulnerable Code Credit: JHU System Securi...