EUVD-2023-0334

Malicious code in bioql PyPI...

CVE-2022-25962

All versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function due to improper input sanitization...

Command injection in vagrant.js

All versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function due to improper input sanitization...

GHSA-54JW-JQR9-6CJ9 Command injection in vagrant.js

All versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function due to improper input sanitization...

CVE-2022-25962

All versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function due to improper input sanitization...

Command injection

All versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function due to improper input sanitization...

CVE-2022-25962

CVE-2022-25962 affects the JavaScript package vagrant.js. The root cause is improper input sanitization in the boxAdd function, enabling Command Injection. Public references include a PoC demonstrating execution of arbitrary commands, and multiple feeds (e.g., Snyk) indicate there is no fixed ver...

CVE-2022-25962

All versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function due to improper input sanitization...

PT-2023-12841 · Unknown · Vagrant.Js

Name of the Vulnerable Software and Affected Versions: vagrant.js versions all Description: The issue arises from improper input sanitization in the boxAdd function, leading to Command Injection. This allows for potential execution of arbitrary commands. Recommendations: For all versions, conside...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the boxAdd function due to improper input sanitization. PoC js vagrant = require"vagrant.js"; vagrant.boxAdd";touch EXPLOITED;", "", functionboxArr, stderr; Remediation There is no fixed version for vagrant.js...