EUVD-2022-0955

Malicious code in bioql PyPI...

GHSA-C5HM-XC74-PQRG OS Command Injection in jscover

jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument...

@reduct/build-tools (>=1.4.0 <=1.5.6), docurium-json-cleaner (>=1.0.0 <=1.0.3) +9 more potentially affected by CVE-2020-7623 via jscover (>=0.1.1 <=1.0.0)

jscover NPM version =0.1.1, =1.4.0, =1.0.0, =0.0.5, =0.0.5, =0.0.10 - latest-strong-pwd-generator =1.7.1 - print-random-console-msg =1.0.2 - random-msg-printer =1.0.0 - unique-password-suggestor =1.0.2 - unittesting =0.0.1 Source cves: CVE-2020-7623 Source advisory: OSV:GHSA-C5HM-XC74-PQRG...

OS Command Injection in jscover

jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument...

OS Command Injection

jscover is vulnerable to OS Command Injection. The vulnerability exists as the source argument is not sanitized and can be controlled by users...

jscover Command Injection Vulnerability

jscover is a JavaScript code test coverage tool. An injection vulnerability exists in jscover 1.0.0 and earlier versions, which stems from a lack of proper validation of user input data. A remote attacker can exploit the vulnerability to execute arbitrary commands with the help of the 'source'...

CVE-2020-7623

jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument...

CVE-2020-7623

jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument...

CVE-2020-7623

jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument...

CVE-2020-7623

CVE-2020-7623 affects jscover up to version 1.0.0. The vulnerability is a Command Injection via the source argument, allowing arbitrary command execution. Documented impact in CVSS data indicates high/critical severity (base scores up to 9.8, network attack, no authentication required). Connected...

@reduct/build-tools (>=1.4.0 <=1.5.6), docurium-json-cleaner (>=1.0.0 <=1.0.3) +9 more potentially affected by CVE-2020-7623 via jscover (>=0.1.1 <=1.0.0)

jscover NPM version =0.1.1, =1.4.0, =1.0.0, =0.0.5, =0.0.5, =0.0.10 - latest-strong-pwd-generator =1.7.1 - print-random-console-msg =1.0.2 - random-msg-printer =1.0.0 - unique-password-suggestor =1.0.2 - unittesting =0.0.1 Source cves: CVE-2020-7623 Source advisory: SNYK:JS-JSCOVER-564250...

Command Injection

Overview jscover is a node wrap for JSCover. Affected versions of this package are vulnerable to Command Injection. The source argument can be controlled by users without any sanitization. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicio...