ID CVE-2022-21186
Summary The package @acrontum/filesystem-template before 0.0.2 are vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input.
References
Vulnerable Configurations
  • cpe:2.3:a:acrontum:filesystem-template:-:*:*:*:*:node.js:*:*
    cpe:2.3:a:acrontum:filesystem-template:-:*:*:*:*:node.js:*:*
  • cpe:2.3:a:acrontum:filesystem-template:0.0.1:*:*:*:*:node.js:*:*
    cpe:2.3:a:acrontum:filesystem-template:0.0.1:*:*:*:*:node.js:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
Last major update 08-08-2023 - 14:22
Published 05-08-2022 - 05:15
Last modified 08-08-2023 - 14:22
Back to Top