Lucene search

GitHub Advisory DatabaseGHSA-CV76-RV4H-4MQC

HistoryJun 03, 2022 - 12:00 a.m.

OS Command Injection in proctree

2022-06-0300:00:59

CWE-78

GitHub Advisory Database

github.com

os command injection

proctree

allenhwkim

node.js

vulnerability

fix function

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

74.8%

JSON

OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix function.

Affected configurations

Vulners

Node

proctree_projectproctreeRange≤0.1.1

VendorProductVersionCPE
proctree_projectproctree*cpe:2.3:a:proctree_project:proctree:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
proctree_project	proctree	*	cpe:2.3:a:proctree_project:proctree::::::::

References

advisory.checkmarx.net/advisory/CX-2021-4783

github.com/advisories/GHSA-cv76-rv4h-4mqc

github.com/allenhwkim/proctree/blob/master/index.js#L46

nvd.nist.gov/vuln/detail/CVE-2021-34082

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

74.8%

JSON

Related for GHSA-CV76-RV4H-4MQC