GHSA-f259-h6m8-hm8m
Suggest an improvement- Source
- https://github.com/advisories/GHSA-f259-h6m8-hm8m
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-f259-h6m8-hm8m/GHSA-f259-h6m8-hm8m.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-f259-h6m8-hm8m
- Aliases
- Published
- 2023-01-06T06:30:25Z
- Modified
- 2023-11-01T04:58:24.416102Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- exec-local-bin vulnerable to Command Injection
- Details
-
Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the
theProcess()functionality due to improper user-input sanitization. - Database specific
{ "nvd_published_at": "2023-01-06T05:15:00Z", "cwe_ids": [ "CWE-77" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2023-01-09T20:11:57Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-25923
- https://github.com/saeedseyfi/exec-local-bin/commit/d425866375c85038133a6f79db2aac66c0a72624
- https://github.com/saeedseyfi/exec-local-bin
- https://github.com/saeedseyfi/exec-local-bin/blob/92db00bde9d6e2d83410849f898df12f075b73b0/index.js%23L9
- https://security.snyk.io/vuln/SNYK-JS-EXECLOCALBIN-3157956
Affected packages
npm / exec-local-bin
Package
- Name
- exec-local-bin
- View open source insights on deps.dev
- Purl
- pkg:npm/exec-local-bin