Lucene search
Veracode Vulnerability DatabaseVERACODE:36576HistoryAug 03, 2022 - 4:41 a.m.
Command Injection
2022-08-0304:41:42
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.002 Low
EPSS
Percentile
54.9%
get-npm-package-version is vulnerable to command injection. The vulnerability exists because the module.export function of index.js does not properly sanitize the packageName and registry parameters, allowing an attacker to inject and execute malicious code.
| CPE | Name | Operator | Version |
|---|---|---|---|
| get-npm-package-version | le | 1.0.6 | |
| get-npm-package-version | le | 1.0.6 |
References
github.com/advisories/GHSA-4h66-vghf-xg5x
github.com/hoperyy/get-npm-package-version/blob/338a5882298eb2c2194538db41166cae13c39e03/index.js#L17
github.com/hoperyy/get-npm-package-version/blob/338a5882298eb2c2194538db41166cae13c39e03/index.js%23L17
github.com/hoperyy/get-npm-package-version/commit/40b1cf31a0607ea66f9e30a0c3af1383b52b2dec
github.com/hoperyy/get-npm-package-version/pull/1
www.npmjs.com/package/get-npm-package-version/v/1.0.6
Related
cvelist
cvelist
CVE-2020-7795 Command Injection
2022-08-02 00:00:00
nvd
nvd
CVE-2020-7795
2022-08-02 14:15:09
github
github
get-npm-package-version Command Injection vulnerability
2022-08-03 00:00:57
osv
osv
get-npm-package-version Command Injection vulnerability
2022-08-03 00:00:57
CVE-2020-7795
2022-08-02 14:15:09
prion
prion
Command injection
2022-08-02 14:15:00
cve
cve
CVE-2020-7795
2022-08-02 14:15:09