CVE-2019-10807 – blamer
Package
Manager: npm
Name: blamer
Vulnerable Version: >=0 <1.0.1
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00578 (percentile 0.67864)
Details
Improper Neutralization of Special Elements used in an OS Command in Blamer. Blamer versions prior to 1.0.1 allow execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer.
Metadata
Created: 2022-05-24T17:10:48Z
Modified: 2022-06-28T15:22:16Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8cxp-cjm8-fj36/GHSA-8cxp-cjm8-fj36.json
CWE IDs: ["CWE-78"]
Alternative ID: GHSA-8cxp-cjm8-fj36
Finding: F004
Auto approve: 1