Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjOTQtNnc4OS1ocHFy

High
Permalink JSON

Command Injection in fs-path

Affected Packages Affected Versions Fixed Versions
npm:fs-path
PURL: pkg:npm/fs-path
< 0.0.25 0.0.25
83 Dependent packages
657 Dependent repositories
20,363 Downloads last month

Affected Version Ranges

All affected versions

0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.0.8, 0.0.9, 0.0.10, 0.0.11, 0.0.13, 0.0.14, 0.0.15, 0.0.16, 0.0.17, 0.0.18, 0.0.19, 0.0.20, 0.0.21, 0.0.22, 0.0.23, 0.0.24

All unaffected versions

0.0.25

All versions of fs-path are vulnerable to command injection is unsanitized user input is passed in.

Recommendation

No fix is currently available for this vulnerability. It is our recommendation to not install or use this module until a fix is available.

References:

Identifiers

GHSA-gc94-6w89-hpqr

Risk

Severity

High

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/pillys/fs-path

Date and time

Published

over 6 years ago

Updated

almost 3 years ago

API

JSON