An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1taDJoLTZqOHEteDI0Ns4AAjZJ

Severity: High
EPSS: 0.0129% (0.79056 percentile)

Improper Neutralization of Special Elements in Output Used by a Downstream Component in Codecov

Affected Packages

Package: npm:codecov (PURL: pkg:npm/codecov)
Affected Versions: <= 3.6.1
Fixed Versions: 3.6.2
Dependent packages: 19,925
Dependent repositories: 137,193
Downloads last month: 2,504,986

Affected Version Ranges

All affected versions

1.0.0, 1.0.1, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.1.0, 3.2.0, 3.3.0, 3.4.0, 3.5.0, 3.6.0, 3.6.1

All unaffected versions

3.6.2, 3.6.3, 3.6.4, 3.6.5, 3.7.0, 3.7.1, 3.7.2, 3.8.0, 3.8.1, 3.8.2, 3.8.3

Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument.

References: