Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS14ajl2LTZxMmYtdnFoeM4AAw0A

wifey vulnerable to Command Injection due to improper input sanitization

All versions of the package wifey are vulnerable to Command Injection via the connect() function due to improper input sanitization.

Permalink: https://github.com/advisories/GHSA-xj9v-6q2f-vqhx
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14ajl2LTZxMmYtdnFoeM4AAw0A
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 1 year ago
Updated: about 1 year ago


CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-xj9v-6q2f-vqhx, CVE-2022-25890
References:
Blast Radius: 0.0

Affected Packages

npm:wifey
Dependent packages: 0
Dependent repositories: 1
Downloads: 16 last month
Affected Version Ranges: <= 2.0.7
No known fixed version
All affected versions: 2.0.5, 2.0.6, 2.0.7