CVE-2022-29080

Published
View on NVD ↗
CVSS v3
9.8
CRITICAL
CVSS v2
7.5
HIGH
Affected
2
PROJECTS

Description

The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value.

barneycarroll/npm-dependency-versions
barneycarroll/npm-dependency-versions
A utility for determining the package versions at given points in time
GitHubGitHub
1
npm-dependency-versions
npm-dependency-versions
A utility for determining the package versions at given points in time
NPMNPM