GHSA-m2fc-9h5m-29cm
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m2fc-9h5m-29cm
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-m2fc-9h5m-29cm/GHSA-m2fc-9h5m-29cm.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-m2fc-9h5m-29cm
- Aliases
- Published
- 2022-08-06T00:00:51Z
- Modified
- 2023-11-01T04:57:37.970792Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- @acrontum/filesystem-template vulnerable to Command Injection due to fetchRepo API missing sanitization
- Details
-
The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input.
- Database specific
{ "cwe_ids": [ "CWE-77" ], "nvd_published_at": "2022-08-05T05:15:00Z", "github_reviewed_at": "2022-08-11T17:20:22Z", "severity": "CRITICAL", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-21186
- https://github.com/acrontum/filesystem-template/issues/13
- https://github.com/acrontum/filesystem-template/pull/14/commits/baeb727b60991ad82d9e63ac660883793abc0acc
- https://github.com/acrontum/filesystem-template/commit/baeb727b60991ad82d9e63ac660883793abc0acc
- https://github.com/acrontum/filesystem-template
- https://security.snyk.io/vuln/SNYK-JS-ACRONTUMFILESYSTEMTEMPLATE-2419071
Affected packages
npm / @acrontum/filesystem-template
Package
- Name
- @acrontum/filesystem-template
- View open source insights on deps.dev
- Purl
- pkg:npm/%40acrontum/filesystem-template