CVE-2020-7601

gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options...

EUVD-2021-1073

Malware in sbrugna...

Injection in gulp-scss-lint

Overview gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options. Recommendation Avoid using gulp-scss-lint as there is no current safe version of this module...

@absolunet/nwayo-workflow (>=3.2.0 <=3.3.6), @londondevstudio/gush (>=0.9.0 <=0.10.0) +53 more potentially affected by CVE-2020-7601 via gulp-scss-lint (>=0.1.12 <=1.0.0)

gulp-scss-lint NPM version =0.1.12, =3.2.0, =0.9.0, =1.0.0, =1.1.1, =0.0.27, =0.0.33, =1.0.34, =1.1.54 - fear-core-dev =1.3.2 and more Source cves: CVE-2020-7601 Source advisory: OSV:GHSA-G4HJ-R7R3-9RWV...

GHSA-G4HJ-R7R3-9RWV OS Command Injection in gulp-scss-lint

gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options...

OS Command Injection in gulp-scss-lint

gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options...

Command Injection in juanfran/gulp-scss-lint

Overview gulp-scss-lint is a Lint for your .scss files, this package is vulnerable to Command Injection. It is possible to inject arbitrary commands to the exec function located in src/command.js via the provided options. Proof of Concept by JHU System Security Lab var root =...

Vulnerability of the `exec` function in the gulp-scss-lint package from the NPM package manager, allowing attackers to execute arbitrary commands.

The vulnerability of the exec function in the src/command.js file of the gulp-scss-lint package exists because measures to eliminate special elements used in operating system commands have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

gulp-scss-lint injection vulnerability

gulp-scss-lint is a configurable package of code cleaning tools. A security vulnerability exists in gulp-scss-lint 1.0.0 and earlier versions. An attacker can exploit the vulnerability to inject and execute arbitrary commands...

CVE-2020-7601

gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options...

CVE-2020-7601

gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options...

Code injection

gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options...

@absolunet/nwayo-workflow (>=3.2.0 <=3.3.6), @londondevstudio/gush (>=0.9.0 <=0.10.0) +53 more potentially affected by CVE-2020-7601 via gulp-scss-lint (>=0.1.12 <=1.0.0)

gulp-scss-lint NPM version =0.1.12, =3.2.0, =0.9.0, =1.0.0, =1.1.1, =0.0.27, =0.0.33, =1.0.34, =1.1.54 - fear-core-dev =1.3.2 and more Source cves: CVE-2020-7601 Source advisory: SNYK:JS-GULPSCSSLINT-560114...