CVE-2020-7615

fsa through 0.5.1 is vulnerable to Command Injection. The first argument of 'execGitCommand()', located within 'lib/rep.js#63' can be controlled by users without any sanitization to inject arbitrary commands.
References
Link Resource
https://github.com/gregof/fsa/blob/master/lib/rep.js#L12 Patch Third Party Advisory
https://snyk.io/vuln/SNYK-JS-FSA-564118 Exploit Third Party Advisory
https://github.com/gregof/fsa/blob/master/lib/rep.js#L12 Patch Third Party Advisory
https://snyk.io/vuln/SNYK-JS-FSA-564118 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:fsa_project:fsa:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:37

Type Values Removed Values Added
References () https://github.com/gregof/fsa/blob/master/lib/rep.js#L12 - Patch, Third Party Advisory () https://github.com/gregof/fsa/blob/master/lib/rep.js#L12 - Patch, Third Party Advisory
References () https://snyk.io/vuln/SNYK-JS-FSA-564118 - Exploit, Third Party Advisory () https://snyk.io/vuln/SNYK-JS-FSA-564118 - Exploit, Third Party Advisory

Information

Published : 2020-04-07 14:15

Updated : 2024-11-21 05:37


NVD link : CVE-2020-7615

Mitre link : CVE-2020-7615

CVE.ORG link : CVE-2020-7615


JSON object : View

Products Affected

fsa_project

  • fsa
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')