Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjOTQtNnc4OS1ocHFy
Command Injection in fs-path
All versions of fs-path are vulnerable to command injection is unsanitized user input is passed in.
Recommendation
No fix is currently available for this vulnerability. It is our recommendation to not install or use this module until a fix is available.
Permalink: https://github.com/advisories/GHSA-gc94-6w89-hpqrJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjOTQtNnc4OS1ocHFy
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 5 years ago
Updated: almost 2 years ago
Identifiers: GHSA-gc94-6w89-hpqr
References:
- https://hackerone.com/reports/324491
- https://www.npmjs.com/advisories/661
- https://github.com/pillys/fs-path/pull/5
- https://github.com/advisories/GHSA-gc94-6w89-hpqr
Blast Radius: 0.0
Affected Packages
npm:fs-path
Dependent packages: 83Dependent repositories: 657
Downloads: 22,957 last month
Affected Version Ranges: < 0.0.25
Fixed in: 0.0.25
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.0.8, 0.0.9, 0.0.10, 0.0.11, 0.0.13, 0.0.14, 0.0.15, 0.0.16, 0.0.17, 0.0.18, 0.0.19, 0.0.20, 0.0.21, 0.0.22, 0.0.23, 0.0.24
All unaffected versions: 0.0.25