fsa through 0.5.1 is vulnerable to Command Injection. The first argument of 'execGitCommand()', located within 'lib/rep.js#63' can be controlled by users without any sanitization to inject arbitrary commands.
References
Link | Resource |
---|---|
https://github.com/gregof/fsa/blob/master/lib/rep.js#L12 | Patch Third Party Advisory |
https://snyk.io/vuln/SNYK-JS-FSA-564118 | Exploit Third Party Advisory |
https://github.com/gregof/fsa/blob/master/lib/rep.js#L12 | Patch Third Party Advisory |
https://snyk.io/vuln/SNYK-JS-FSA-564118 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 05:37
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/gregof/fsa/blob/master/lib/rep.js#L12 - Patch, Third Party Advisory | |
References | () https://snyk.io/vuln/SNYK-JS-FSA-564118 - Exploit, Third Party Advisory |
Information
Published : 2020-04-07 14:15
Updated : 2024-11-21 05:37
NVD link : CVE-2020-7615
Mitre link : CVE-2020-7615
CVE.ORG link : CVE-2020-7615
JSON object : View
Products Affected
fsa_project
- fsa
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')