Lucene search
Veracode Vulnerability DatabaseVERACODE:22520HistoryFeb 18, 2020 - 3:57 a.m.
Remote Code Execution (RCE)
2020-02-1803:57:59
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.008 Low
EPSS
Percentile
81.2%
codecov is vulnerable to remote code execution (RCE). Due to an incomplete fix of CVE-2020-7596, the gcov-root and ather parameters are not sanitized properly and being executed in the exe function of lib/codecov.js, allowing an attacker to trigger RCE.
Related
github
github
codecov NPM module allows remote attackers to execute arbitrary commands
2020-02-19 17:29:39
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Codecov
2022-05-24 17:07:19
Command injection in codecov (npm package)
2020-07-20 17:20:20
cvelist
cvelist
CVE-2020-7597
2020-02-17 18:48:40
CVE-2020-7596
2020-01-25 18:08:41
CVE-2020-15123 Command injection in codecov (npm package)
2020-07-20 17:20:16
nvd
nvd
cve
cve
prion
prion
Design/Logic Flaw
2020-02-17 19:15:00
Command injection
2020-01-25 19:15:00
Command injection
2020-07-20 18:15:00
osv
osv
CVE-2020-7597
2020-02-17 19:15:12
codecov NPM module allows remote attackers to execute arbitrary commands
2020-02-19 17:29:39
veracode
veracode
OS Command Injection
2020-01-28 02:31:25
OS Command Injection
2020-07-21 01:33:21