EPSS: 0.016 (Low)
Percentile: 87.5%
codecov is vulnerable to OS command injection. The vulnerability exists because it was possible to use backticks (`) to bypass the sanitizer. This issue is related to CVE-2020-7597.
github.com/advisories/GHSA-5q88-cjfq-g2mh
github.com/codecov/codecov-node/commit/c0711c656686e902af2cd92d6aecc8074de4d83d
github.com/codecov/codecov-node/pull/180
github.com/codecov/codecov-node/security/advisories/GHSA-xp63-6vf5-xf3v
lgtm.com/query/7714424068617023832