Lucene search
Veracode Vulnerability DatabaseVERACODE:29155HistoryJan 27, 2021 - 7:56 a.m.
Command Injection
2021-01-2707:56:09
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.021 Low
EPSS
Percentile
89.1%
async-git is vulnerable to command injection. An attacker is able to inject malicious OS command to the system shell via the getter function in the index.js file.
References
advisory.checkmarx.net/advisory/CX-2021-4772
github.com/omrilotan/async-git/pull/13
github.com/omrilotan/async-git/pull/13/commits/611823bd97dd41e9e8127c38066868ff9dcfa57a
github.com/omrilotan/async-git/pull/13/commits/a5f45f58941006c4cc1699609383b533d9b92c6a
github.com/omrilotan/async-git/pull/14
www.npmjs.com/advisories/1614
Related
cvelist
cvelist
CVE-2021-3190
2021-01-21 07:11:33
osv
osv
OS Command Injection in async-git
2021-01-29 18:14:00
cve
cve
CVE-2021-3190
2021-01-26 18:16:28
prion
prion
Command injection
2021-01-26 18:16:00
github
github
OS Command Injection in async-git
2021-01-29 18:14:00
nodejs
nodejs
OS Command Injection
2021-02-22 18:30:38
nvd
nvd
CVE-2021-3190
2021-01-26 18:16:28