CVE-2020-7615

Sažetak

fsa through 0.5.1 is vulnerable to Command Injection. The first argument of 'execGitCommand()', located within 'lib/rep.js#63' can be controlled by users without any sanitization to inject arbitrary commands.

Reference

https://github.com/gregof/fsa/blob/master/lib/rep.js#L12
https://snyk.io/vuln/SNYK-JS-FSA-564118

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

07-04-2020 - 19:39

Objavljeno

07-04-2020 - 14:15