← volver
CVE-2022-29080

CVE-2022-29080

EPSS 2.3%
The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/barneycarroll/npm-dependency-versions/issues/6https://www.npmjs.com/package/npm-dependency-versions