8 matches found
EUVD-2022-6439
Malicious code in bioql PyPI...
Command Injection
sonar-wrapper is vulnerable to command injection. The vulnerability exists because input passed to the run function is not sanitized, allowing an attacker to inject a maliciously crafted command into the system...
sonar-wrapper Command Injection vulnerability
A command injection vulnerability affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js...
GHSA-WR4V-3F2H-6HHH sonar-wrapper Command Injection vulnerability
A command injection vulnerability affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js...
CVE-2020-28443 Command Injection
This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js...
CVE-2020-28443
CVE-2020-28443 affects all versions of the Node package sonar-wrapper, with the injection point in lib/sonarRunner.js. The vulnerability is a Command Injection flaw, allowing crafted input to be injected into system commands (high impact: CVSS 3.1 base score 9.8). Connected sources confirm the vu...
sonar-wrapper Command Injection Vulnerability
sonar-wrapper is a package by individual developer Loic Rondel that wraps SonarQube Scanner as a Node module. A security vulnerability exists in sonar-wrapper, stemming from a command injection point in sonarRunner.js...
Command Injection
Overview: sonar-wrapper is a package that wraps SonarQube Scanner as a node module. Affected versions of this package are vulnerable to Command Injection. The injection point is located in lib/sonarRunner.js. PoC: var root = require"sonar-wrapper"; var options= 'sonar.projectName':'& touch JHU';...