gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options.
References
Link | Resource |
---|---|
https://snyk.io/vuln/SNYK-JS-GULPSCSSLINT-560114 | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-03-15 22:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-7601
Mitre link : CVE-2020-7601
CVE.ORG link : CVE-2020-7601
JSON object : View
Products Affected
gulp-scss-lint_project
- gulp-scss-lint
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')