11 matches found
EUVD-2021-0518
Malware in sbrugna...
Command Injection
Overview: Affected versions of @graphql-tools/git-loader package are vulnerable to Command Injection. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection. Recommendation: Upgrade to fix version 6.2.6 or later. References: - Snyk Advisory - CVE -...
CVE-2021-23326
This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection...
@corejam/base (>=0.0.1 <=0.0.2), @corejam/cli (>=0.0.1 <=0.0.5) +27 more potentially affected by CVE-2021-23326 via @graphql-tools/git-loader (>=6.0.0-alpha.1 <=6.2.6-alpha-9e1fc254.0)
@graphql-tools/git-loader NPM version =6.0.0-alpha.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =6.0.15, =4.0.1-alpha-0a0f697.0, =4.0.1-alpha-0a0f697.0, =1.13.6-alpha-c74c7b7d.14, =0.0.0-canary.02a53c5, =0.0.1, =1.0.5, =0.0.24, =0.1.0, =1.29.0, =2.0.0-alpha.36 and more Source cves: CVE-2021-23326 Source...
Command Injection in @graphql-tools/git-loader
This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection...
GHSA-VHHW-XJVF-WPRR Command Injection in @graphql-tools/git-loader
This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection...
The Guild Graphql Tools Command Injection Vulnerability
The Guild Graphql Tools is a tool from The Guild that generates graphql query statements based on a specific syntax. A command injection vulnerability exists in graphql-tools/git-loader prior to version 6.2.6, which stems from the use of exec and execSync in packages/loaders/git/src/load-git.ts t...
CVE-2021-23326
The CVE-2021-23326 entry applies to the package @graphql-tools/git-loader prior to 6.2.6. The vulnerability stems from the use of exec and execSync in packages/loaders/git/src/load-git.ts, enabling arbitrary command injection. Impact is described as potential command execution with the associated...
CVE-2021-23326 Command Injection
This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection...
The Guild Graphql Tools Command Injection Vulnerability
The Guild Graphql Tools is a tool from The Guild that generates graphql query statements based on a specific syntax. A command injection vulnerability exists in graphql-tools/git-loader prior to version 6.2.6, which stems from the use of exec and execSync in packages/loaders/git/src/load-git.ts t...
@corejam/base (>=0.0.1 <=0.0.2), @corejam/cli (>=0.0.1 <=0.0.5) +27 more potentially affected by CVE-2021-23326 via @graphql-tools/git-loader (>=6.0.0-alpha.1 <=6.2.6-alpha-9e1fc254.0)
@graphql-tools/git-loader NPM version =6.0.0-alpha.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =6.0.15, =4.0.1-alpha-0a0f697.0, =4.0.1-alpha-0a0f697.0, =1.13.6-alpha-c74c7b7d.14, =0.0.0-canary.02a53c5, =0.0.1, =1.0.5, =0.0.24, =0.1.0, =1.29.0, =2.0.0-alpha.36 and more Source cves: CVE-2021-23326 Source...