12 matches found
EUVD-2020-0362
Malware in sbrugna...
OS Command Injection
npm-programmatic is vulnerable to OS command injection. The packages and option properties are concatenated and directly passed to an exec function...
GHSA-426H-24VJ-QWXF Command Injection in npm-programmatic
All versions of npm-programmatic are vulnerable to Command Injection. The package fails to sanitize input rules and passes it directly to an exec call on the install, uninstall and list functions. This may allow attackers to execute arbitrary code in the system if the package name passed to the...
Command Injection in npm-programmatic
All versions of npm-programmatic are vulnerable to Command Injection. The package fails to sanitize input rules and passes it directly to an exec call on the install, uninstall and list functions. This may allow attackers to execute arbitrary code in the system if the package name passed to the...
0.extends.wechat (>=1.0.51 <=1.0.65), @berkozturk/npm_project_generator (=1.0.0) +113 more potentially affected by CVE-2020-7614 via npm-programmatic (>=0.0.10 <=0.0.12)
npm-programmatic NPM version =0.0.10, =1.0.51, =0.0.2, =0.0.1-dev-preview-19, =0.1.0, =0.2.0, =1.0.0, =0.0.1-rc.1, =0.0.1, =1.0.0, =4.0.0, =0.0.2, =0.0.2, =0.0.3-alpha.18 and more Source cves: CVE-2020-7614 Source advisory: OSV:GHSA-426H-24VJ-QWXF...
Command Injection
Overview: All versions of npm-programmatic are vulnerable to Command Injection. The package fails to sanitize input rules and passes it directly to an exec call on the install, uninstall and list functions. This may allow attackers to execute arbitrary code in the system if the package name passe...
npm-programmatic OS Command Injection Vulnerability
npm-programmatic is a package that supports programmatic access to npm commands from JavaScript. An operating system command injection vulnerability exists in npm-programmatic. An attacker can exploit this vulnerability by sending a specially crafted request to execute arbitrary code...
CVE-2020-7614
npm-programmatic through 0.0.12 is vulnerable to Command Injection. The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly...
CVE-2020-7614
npm-programmatic through 0.0.12 is vulnerable to Command Injection. The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly...
CVE-2020-7614
npm-programmatic through 0.0.12 is vulnerable to Command Injection. The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly...
CVE-2020-7614
CVE-2020-7614 affects npm-programmatic up to version 0.0.12 and enables command injection via concatenated options passed to exec. The vulnerability enables remote code execution if untrusted input is supplied to npm-programmatic’s install/uninstall/list paths, as demonstrated by the evidence and...
0.extends.wechat (>=1.0.51 <=1.0.65), @berkozturk/npm_project_generator (=1.0.0) +152 more potentially affected by CVE-2020-7614 via npm-programmatic (>=0.0.10 <=0.0.9)
npm-programmatic NPM version =0.0.10, =1.0.51, =0.0.2, =0.0.1-dev-preview-19, =0.1.0, =0.4.0, =0.2.0, =3.0.0, =0.1.0, =1.0.0, =0.0.1-rc.1, =0.0.1, =1.0.0, =4.0.0, =5.1.4 and more Source cves: CVE-2020-7614 Source advisory: SNYK:JS-NPMPROGRAMMATIC-564115...