OS Command Injection in fsa

Moderate severity GitHub Reviewed Published Dec 9, 2021 to the GitHub Advisory Database • Updated Feb 1, 2023

Package

fsa (npm)

Affected versions

<= 0.5.1

Patched versions

None

Description

fsa through 0.5.1 is vulnerable to Command Injection. The first argument of 'execGitCommand()', located at 'lib/rep.js#63', can be controlled by users and is passed on without any sanitization, which allows arbitrary commands to be injected.
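Since no patched version is listed, callers that need to run git on user-supplied input have to wrap it themselves. The following is an added example, not code from fsa or from this advisory: the names `buildGitArgv`, `runGit` and the subcommand allowlist are assumptions. It passes input as an argument vector to `execFileSync` with no shell, so shell metacharacters stay literal text.

```javascript
const { execFileSync } = require('node:child_process');

// Assumed allowlist for this example; a real caller lists only what it needs.
const ALLOWED_SUBCOMMANDS = new Set(['status', 'log', 'diff']);

// Hypothetical helper: turn caller input into an argument vector,
// never into a single string that a shell would parse.
function buildGitArgv(subcommand, paths = []) {
  if (!ALLOWED_SUBCOMMANDS.has(subcommand)) {
    throw new Error(`git subcommand not allowed: ${JSON.stringify(subcommand)}`);
  }
  for (const p of paths) {
    if (typeof p !== 'string' || p.length === 0 || p.includes('\0')) {
      throw new Error('path must be a non-empty string without NUL bytes');
    }
  }
  // "--" ends option parsing, so a path such as "--output=x"
  // is treated as a pathspec and cannot act as a git option.
  return [subcommand, '--', ...paths];
}

// Hypothetical helper: run git directly, without /bin/sh in between.
// execFileSync hands each array element to the process as one argument,
// so ";", "|", "$()" and backticks are never interpreted.
function runGit(subcommand, paths, cwd) {
  return execFileSync('git', buildGitArgv(subcommand, paths), {
    cwd,
    shell: false,
    encoding: 'utf8',
    timeout: 10000, // do not let a hung child block the caller forever
  });
}
```
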

References

Published by the National Vulnerability Database Apr 7, 2020
Reviewed May 25, 2021
Published to the GitHub Advisory Database Dec 9, 2021
Last updated Feb 1, 2023

Severity

Moderate

EPSS score

0.055%
(25th percentile)

Weaknesses

CVE ID

CVE-2020-7615

GHSA ID

GHSA-3p94-vj97-fm4q

Source code

No known source code