Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:7625
HistoryOct 22, 2018 - 5:46 a.m.

Command Injection

2018-10-2205:46:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8

EPSS

0.003

Percentile

72.0%

apex-publish-static-files is vulnerable to command injection. The connectionString argument is not sanitized when passed to execSync(), which allows a remote attacker to inject arbitrary shell commands via the connectionString argument.

EPSS

0.003

Percentile

72.0%