EUVD-2022-6439

Malicious code in bioql PyPI...

Command Injection

sonar-wrapper is vulnerable to command injection. The vulnerability exists due to a lack of sanitization of input via the run function allowing an attacker to inject maliciously crafted command into the system...

GHSA-WR4V-3F2H-6HHH sonar-wrapper Command Injection vulnerability

A command injection vulnerability affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js...

sonar-wrapper Command Injection vulnerability

A command injection vulnerability affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js...

CVE-2020-28443 Command Injection

This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js...

CVE-2020-28443

CVE-2020-28443 affects all versions of the Node package sonar-wrapper, with the injection point in lib/sonarRunner.js. The vulnerability is a Command Injection flaw, allowing crafted input to be injected into system commands (high impact: CVSS 3.1 base score 9.8). Connected sources confirm the vu...

sonar-wrapper 命令注入漏洞

sonar-wrapper is a package by loic rondel individual developer that wraps SonarQube Scanner as a node module. A security vulnerability exists in sonar-wrapper, which stems from a command injection attack injection point in sonarRunner.js...

Command Injection

Overview sonar-wrapper is a package that wraps SonarQube Scanner as a node module. Affected versions of this package are vulnerable to Command Injection. The injection point is located in lib/sonarRunner.js. PoC var root = require"sonar-wrapper"; var options= 'sonar.projectName':'& touch JHU';...