EPSS: 0.006 (Low)
EPSS percentile: 79.1%
codecov is vulnerable to OS command injection. Lack of validation and sanitization of the gcov-args value allows an attacker to inject and execute arbitrary OS commands on the system.
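One way to close this class of bug, shown as an added example that is not codecov-node's code or the fix in the linked commit: validate each gcov-args token against an allow-list and run gcov through an argument vector instead of a shell string. The function names, the allow-list pattern and the sample inputs are assumptions made for illustration.

```javascript
// Added example: option name from the advisory; policy and function names are assumptions.
// Pattern to avoid: exec('gcov ' + gcovArgs + ' ' + files.join(' '))
// hands one string to a shell, which interprets any metacharacters in gcovArgs.

// A token may be an option, an option=value pair, or a path-like word.
// Quotes, whitespace and shell metacharacters (; | & $ ` < > ( ) etc.) never match.
const SAFE_TOKEN = /^[A-Za-z0-9_.\/=:+,@-]+$/;

// Split the raw gcov-args string into tokens and reject anything off the allow-list.
function parseGcovArgs(raw) {
  if (raw === undefined || raw === null) return [];
  if (typeof raw !== 'string') throw new TypeError('gcov-args must be a string');
  const trimmed = raw.trim();
  if (trimmed === '') return [];
  const tokens = trimmed.split(/\s+/);
  for (const token of tokens) {
    if (!SAFE_TOKEN.test(token)) {
      throw new Error('rejected gcov-args token: ' + JSON.stringify(token));
    }
  }
  return tokens;
}

// Build the argument vector: validated options first, then the files.
// A file name starting with '-' is prefixed with './' so it cannot be read as an option.
function buildGcovArgv(rawArgs, files) {
  const safeFiles = files.map((f) => (f.startsWith('-') ? './' + f : f));
  return [...parseGcovArgs(rawArgs), ...safeFiles];
}

// Run gcov without a shell: execFile passes each argv element to the program as-is.
function runGcov(rawArgs, files, callback) {
  const { execFile } = require('child_process'); // loaded on first use
  return execFile('gcov', buildGcovArgv(rawArgs, files), callback);
}
```

Rejecting a bad token outright, rather than escaping it, keeps the failure visible in CI logs where a tampered configuration can be noticed.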
github.com/codecov/codecov-node/commit/2f4eff90dd21e58dd56074dc4933b15a91373de6
github.com/codecov/codecov-node/pull/164