9 matches found
CVE-2019-10803
push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable "opt.branch" is not validated before being provided to the "git" command within "index.jsL139". This could be abused by an attacker to inject arbitrary commands...
Arbitrary Command Execution
push-dir is vulnerable to Arbitrary Command Execution. The vulnerability is due to the lack of validation for arguments provided in the "opt.branch" variable before being passed to the "git" command, allowing an attacker to inject arbitrary commands...
push-dir Enables OS Command Injection
push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable opt.branch is not validated before being provided to the git command within index.jsL139. This could be abused by an attacker to inject arbitrary commands...
@3yourmind/yoco (=0.0.2-beta.3), @auto-canary/gh-pages (>=9.16.7-canary.0.b718636d.0 <=11.3.0--canary.2478.87bcf4d47797ed8cc7152538b86fd742d8d19462.0) +7 more potentially affected by CVE-2019-10803 via push-dir (=0.4.1)
push-dir NPM version =0.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on push-dir and may be impacted: - @3yourmind/yoco =0.0.2-beta.3 - @auto-canary/gh-pages =9.16.7-canary.0.b718636d.0, =9.17.0, =1.0.0, =0.0.16, =0.0.37, =0.0.1, =0.1.1, =0.7.12...
CVE-2019-10803
push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable "opt.branch" is not validated before being provided to the "git" command within "index.jsL139". This could be abused by an attacker to inject arbitrary commands...
CVE-2019-10803
push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable "opt.branch" is not validated before being provided to the "git" command within "index.jsL139". This could be abused by an attacker to inject arbitrary commands...
CVE-2019-10803
push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable "opt.branch" is not validated before being provided to the "git" command within "index.jsL139". This could be abused by an attacker to inject arbitrary commands...
CVE-2019-10803
CVE-2019-10803 affects push-dir up to version 0.4.1, enabling OS command injection via unsafely passed argument opt.branch to the git command in index.js (line ~139). Connected sources (Red Hat, OSV, Snyk, Veracode, GHSA) consistently describe arbitrary command execution stemming from lack of val...
@3yourmind/yoco (=0.0.2-beta.3), @auto-canary/gh-pages (>=9.16.7-canary.0.b718636d.0 <=11.3.0--canary.2478.87bcf4d47797ed8cc7152538b86fd742d8d19462.0) +7 more potentially affected by CVE-2019-10803 via push-dir (=0.4.1)
push-dir NPM version =0.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on push-dir and may be impacted: - @3yourmind/yoco =0.0.2-beta.3 - @auto-canary/gh-pages =9.16.7-canary.0.b718636d.0, =9.17.0, =1.0.0, =0.0.16, =0.0.37, =0.0.1, =0.1.1, =0.7.12...