14 matches found
CVE-2020-7605
gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of 'gulp-tape' options...
EUVD-2021-1229
Malware in sbrugna...
OS Command Injection in gulp-tape
gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of gulp-tape options...
@instacarro/ic-model-admin (>=2.0.5 <=2.0.8), grommet-toolbox (>=0.1.3 <=0.2.12) +4 more potentially affected by CVE-2020-7605 via gulp-tape (>=0.0.10 <=1.0.0)
gulp-tape NPM version =0.0.10, =2.0.5, =0.1.3, =0.1.1, =0.1.5, =0.43.2 - sp-router-js =1.0.1 Source cves: CVE-2020-7605 Source advisory: OSV:GHSA-X67X-98X7-WV26...
GHSA-X67X-98X7-WV26 OS Command Injection in gulp-tape
gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of gulp-tape options...
gulp-tape injection vulnerability
gulp-tape is a package that supports running Tape tests in Gulp. An injection vulnerability exists in gulp-tape 1.0.0 and earlier versions, which can be exploited by an attacker to execute arbitrary commands...
Remote Code Execution (RCE)
gulp-tape is susceptible to remote code execution (RCE). The vulnerability exists as the flush function accepts the tapeProcess argument directly from the input using tapeBinaryFilepath without any sanitization...
CVE-2020-7605
gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of 'gulp-tape' options...
CVE-2020-7605
gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of 'gulp-tape' options...
Design/Logic Flaw
gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of 'gulp-tape' options...
CVE-2020-7605
gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of 'gulp-tape' options...
CVE-2020-7605
CVE-2020-7605 corresponds to a command-injection flaw in gulp-tape up to version 1.0.0. The vulnerability arises from injecting arbitrary commands via gulp-tape options, enabling potential remote code execution if an attacker can influence those options. Multiple connected sources (Red Hat CVE en...
@instacarro/ic-model-admin (>=2.0.5 <=2.0.8), grommet-toolbox (>=0.1.3 <=0.2.12) +4 more potentially affected by CVE-2020-7605 via gulp-tape (>=0.0.10 <=1.0.0)
gulp-tape NPM version =0.0.10, =2.0.5, =0.1.3, =0.1.1, =0.1.5, =0.43.2 - sp-router-js =1.0.1 Source cves: CVE-2020-7605 Source advisory: SNYK:JS-GULPTAPE-560124...
Command Injection
Overview: gulp-tape is a to run Tape tests in Gulp. Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands as part of gulp-tape options. PoC: var root = require("gulp-tape"); var gulp = require("gulp"); var options = { name: "& touch JHU.txt"...