Lucene search
Veracode Vulnerability DatabaseVERACODE:33608HistoryJan 12, 2022 - 9:51 a.m.
Information Disclosure
2022-01-1209:51:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.0005 Low
EPSS
Percentile
17.8%
shelljs is vulnerable to information disclosure. The vulnerability exists in ShellJS exec function of exec.js because the file permissions have not been locked down which allows an attacker to gain access to sensitive information of file system of the running scripts and crash application.
References
github.com/advisories/GHSA-4rq4-32rv-6wp6
github.com/shelljs/shelljs/blob/master/src/exec.js#L36L38
github.com/shelljs/shelljs/commit/d919d22dd6de385edaa9d90313075a77f74b338c
github.com/shelljs/shelljs/issues/1058
github.com/shelljs/shelljs/pull/1060
huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c
huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c/
Related
prion
prion
Input validation
2022-01-11 07:15:00
ubuntucve
ubuntucve
CVE-2022-0144
2022-01-11 00:00:00
redos
redos
ROS-20220516-01
2022-05-16 00:00:00
cvelist
cvelist
CVE-2022-0144 Improper Privilege Management in shelljs/shelljs
2022-01-11 06:45:10
cve
cve
CVE-2022-0144
2022-01-11 07:15:07
cnvd
cnvd
shelljs access control error vulnerability
2022-01-16 00:00:00
github
github
Improper Privilege Management in shelljs
2022-01-21 23:37:28
redhatcve
redhatcve
CVE-2022-0144
2022-01-21 13:46:17
nvd
nvd
CVE-2022-0144
2022-01-11 07:15:07
huntr
huntr
Improper Privilege Management in shelljs/shelljs
2021-12-26 16:49:06
osv
osv
CVE-2022-0144
2022-01-11 07:15:07
Improper Privilege Management in shelljs
2022-01-21 23:37:28
debiancve
debiancve
CVE-2022-0144
2022-01-11 07:15:07
redhat
redhat
