← voltar
CVE-2022-29080

CVE-2022-29080

EPSS 2.3%
The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/barneycarroll/npm-dependency-versions/issues/6https://www.npmjs.com/package/npm-dependency-versions