CVE-2019-10800 – codecov
Package
Manager: pip
Name: codecov
Vulnerable Version: >=0 <2.0.16
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00382 (percentile 0.5881)
Details
Codecov does not sanitize gcov arguments. This affects the package codecov before 2.0.16. The vulnerability occurs because gcov arguments are not sanitized before being provided to the popen method.
Metadata
Created: 2022-07-14T00:00:23Z
Modified: 2024-11-18T16:26:26Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-h3qr-fjhm-jphw/GHSA-h3qr-fjhm-jphw.json
CWE IDs: ["CWE-88"]
Alternative ID: GHSA-h3qr-fjhm-jphw
Finding: F014
Auto approve: 1