CVE-2022-25171 – p4
Package
Manager: npm
Name: p4
Vulnerable Version: >=0 <0.0.7
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.004 (percentile: 0.59887)
Details
p4 vulnerable to Command Injection due to improper input sanitization
The package p4 before 0.0.7 is vulnerable to Command Injection via the run() function due to improper input sanitization.
Metadata
Created: 2022-12-20T06:30:36Z
Modified: 2025-04-16T16:08:22Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-jfm8-hwhg-r6gg/GHSA-jfm8-hwhg-r6gg.json
CWE IDs: ["CWE-78"]
Alternative ID: GHSA-jfm8-hwhg-r6gg
Finding: F404
Auto approve: 1