CVE-2020-8149 – logkitty
Package
Manager: npm
Name: logkitty
Vulnerable Version: >=0 <0.7.1
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.02036 (percentile 0.83122)
Details
Arbitrary shell command execution in logkitty
Lack of output sanitization allowed an attacker to execute arbitrary shell commands via the logkitty npm package before version 0.7.1.
Metadata
Created: 2020-06-05T14:47:02Z
Modified: 2023-09-08T20:47:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/06/GHSA-v8v8-6859-qxm4/GHSA-v8v8-6859-qxm4.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-v8v8-6859-qxm4
Finding: F422
Auto approve: 1