16 matches found
CVE-2020-7620
pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It allows injection of arbitrary commands as part of 'pomelo-monitor' params...
EUVD-2021-0943
Malware in sbrugna...
Remote Code Execution (RCE)
pomelo-monitor is vulnerable to remote code execution. An attacker is able to inject and execute arbitrary commands through pomelo-monitor parameter...
@cpomelo/pomelo (=2.2.7), @linix01/pomelo (=2.2.9) +54 more potentially affected by CVE-2020-7620 via pomelo-monitor (>=0.3.5 <=0.3.7)
pomelo-monitor NPM version =0.3.5, =2.2.5, =1.0.0, =2.2.5, =0.0.1, =0.0.1, =1.0.1, =0.1.0, =2.2.6, =0.0.1, =0.1.0 and more Source cves: CVE-2020-7620 Source advisory: OSV:GHSA-4J54-MXF6-WXX2...
GHSA-4J54-MXF6-WXX2 OS Command Injection in pomelo-monitor
pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It allows injection of arbitrary commands as part of 'pomelo-monitor' params...
OS Command Injection in pomelo-monitor
pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It allows injection of arbitrary commands as part of 'pomelo-monitor' params...
Remote Code Execution in pomelo-monitor
All versions of pomelo-monitor are vulnerable to Remote Code Execution. Due to insufficient input validation an attacker could run arbitrary commands on the server thus rendering the package vulnerable to Remote Code Execution. Recommendation No fix is currently available. Consider using an...
@cpomelo/pomelo (=2.2.7), @linix01/pomelo (=2.2.9) +54 more potentially affected by unknown CVE via pomelo-monitor (>=0.3.5 <=0.3.7)
pomelo-monitor NPM version =0.3.5, =2.2.5, =1.0.0, =2.2.5, =0.0.1, =0.0.1, =1.0.1, =0.1.0, =2.2.6, =0.0.1, =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-M5CH-GX8G-RG73...
GHSA-M5CH-GX8G-RG73 Remote Code Execution in pomelo-monitor
All versions of pomelo-monitor are vulnerable to Remote Code Execution. Due to insufficient input validation an attacker could run arbitrary commands on the server thus rendering the package vulnerable to Remote Code Execution. Recommendation No fix is currently available. Consider using an...
pomelo-monitor Command Injection Vulnerability
pomelo-monitor is a monitoring tool for operating systems and processes in nodejs. A command injection vulnerability exists in pomelo-monitor 0.3.7 and earlier versions. An attacker can exploit this vulnerability to inject arbitrary commands...
CVE-2020-7620
pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It allows injection of arbitrary commands as part of 'pomelo-monitor' params...
CVE-2020-7620
pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It allows injection of arbitrary commands as part of 'pomelo-monitor' params...
Design/Logic Flaw
pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It allows injection of arbitrary commands as part of 'pomelo-monitor' params...
CVE-2020-7620
CVE-2020-7620 affects pomelo-monitor up to version 0.3.7. The vulnerability allows command injection through parameters passed to pomelo-monitor, enabling an attacker to execute arbitrary commands. CVSS data indicate a NETWORK, low complexity, no authentication, with high confidentiality, integri...
CVE-2020-7620
pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It allows injection of arbitrary commands as part of 'pomelo-monitor' params...
Remote Code Execution
Overview All versions of pomelo-monitor are vulnerable to Remote Code Execution. Due to insufficient input validation an attacker could run arbitrary commands on the server thus rendering the package vulnerable to Remote Code Execution. Recommendation No fix is currently available. Consider using...