CVE-2022-25853

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-25853
All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/jtrussell/semver-tags/blob/db1ba680bafed0d51e1bb36bd38f2c5439fe8b00/lib/get-tags.js%23L21 Broken Link
https://security.snyk.io/vuln/SNYK-JS-SEMVERTAGS-3175612 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:semver-tags_project:semver-tags:-:*:*:*:*:node.js:*:*
History

07 Nov 2023, 03:44

Type Values Removed Values Added
Summary All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization. All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization.

08 Aug 2023, 14:21

Type Values Removed Values Added
CWE CWE-77 NVD-CWE-Other
Information

Published : 2023-02-06 05:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-25853

Mitre link : CVE-2022-25853

CVE.ORG link : CVE-2022-25853

JSON object : View

Products Affected

semver-tags_project

  • semver-tags
CWE
NVD-CWE-Other CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024