Lucene search
Veracode Vulnerability DatabaseVERACODE:37404HistoryOct 04, 2022 - 9:55 a.m.
Command Injection
2022-10-0409:55:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
24
snyk-go-plugin
command injection
execute function
sub-process.js
vulnerability
child processes
arbitrary commands
host system
0.001 Low
EPSS
Percentile
34.4%
snyk-go-plugin is vulnerable to command injection. The vulnerability exists in execute function of sub-process.js because shell for child processes is not properly disabled which allows an attacker to run arbitrary commands on the host system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| snyk-go-plugin | le | 1.19.0 | |
| snyk-go-plugin | le | 1.19.0 |
References
github.com/advisories/GHSA-hpqj-7cj6-hfj8
github.com/snyk/snyk-go-plugin/commit/6cce1065842ffaeaa6e9abe93c94100d157c8376
github.com/snyk/snyk-go-plugin/pull/99
github.com/snyk/snyk-go-plugin/releases/tag/v1.19.1
www.imperva.com/blog/how-scanning-your-projects-for-security-issues-can-lead-to-remote-code-execution/
Related
cve
cve
github
github
Snyk CLI affected by Command Injection vulnerability
2022-10-04 00:00:22
Snyk plugins vulnerable to Command Injection
2022-11-30 15:30:27
snyk Code Injection vulnerability
2023-07-06 19:24:04
prion
prion
Command injection
2022-10-03 15:15:00
Code injection
2022-11-30 13:15:00
Command injection
2022-11-30 13:15:00
nvd
nvd
redhatcve
redhatcve
CVE-2022-40764
2022-10-05 08:26:54
osv
osv
Snyk CLI affected by Command Injection vulnerability
2022-10-04 00:00:22
CVE-2022-40764
2022-10-03 15:15:18
Snyk plugins vulnerable to Command Injection
2022-11-30 15:30:27
impervablog
impervablog
New Vulnerability in Popular Widget Shows Risks of Third-Party Code
2022-11-09 11:53:56
cvelist
cvelist
CVE-2022-40764
2022-10-03 14:03:59
CVE-2022-22984 Command Injection
2022-11-30 00:00:00
CVE-2022-24441 Code Injection
2022-11-30 00:00:00