lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name in the scanned project's package.json file.
References
Link | Resource |
---|---|
https://advisory.checkmarx.net/advisory/CX-2021-4785 | Exploit Patch Third Party Advisory |
https://github.com/lifion/lifion-verify-deps/commit/be1133d5b78e3caa0004fa60207013dca4e1bf38 | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-06-01T14:31:56
Updated: 2022-06-01T14:31:56
Reserved: 2021-06-07T00:00:00
Link: CVE-2021-34078
NVD Information
Status: Analyzed
Published: 2022-06-02T14:15:28.757
Modified: 2022-06-09T17:49:00.650
Link: CVE-2021-34078
Redhat Information
No data.
CWE