Lucene search
SnykCVELIST:CVE-2020-7597HistoryFeb 17, 2020 - 6:48 p.m.
CVE-2020-7597
2020-02-1718:48:40
snyk
www.cve.org
codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596.
CNA Affected
[
{
"product": "codecov npm module",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 3.6.5"
}
]
}
]Related
github
github
codecov NPM module allows remote attackers to execute arbitrary commands
2020-02-19 17:29:39
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Codecov
2022-05-24 17:07:19
Command injection in codecov (npm package)
2020-07-20 17:20:20
nvd
nvd
cve
cve
veracode
veracode
Remote Code Execution (RCE)
2020-02-18 03:57:59
OS Command Injection
2020-01-28 02:31:25
OS Command Injection
2020-07-21 01:33:21
prion
prion
Design/Logic Flaw
2020-02-17 19:15:00
Command injection
2020-01-25 19:15:00
Command injection
2020-07-20 18:15:00
osv
osv
CVE-2020-7597
2020-02-17 19:15:12
codecov NPM module allows remote attackers to execute arbitrary commands
2020-02-19 17:29:39
cvelist
cvelist
CVE-2020-7596
2020-01-25 18:08:41
CVE-2020-15123 Command injection in codecov (npm package)
2020-07-20 17:20:16