Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjOTQtNnc4OS1ocHFy

Command Injection in fs-path

All versions of fs-path are vulnerable to command injection is unsanitized user input is passed in.

Recommendation

No fix is currently available for this vulnerability. It is our recommendation to not install or use this module until a fix is available.

Permalink: https://github.com/advisories/GHSA-gc94-6w89-hpqr
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjOTQtNnc4OS1ocHFy
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 5 years ago
Updated: almost 2 years ago


Identifiers: GHSA-gc94-6w89-hpqr
References: Repository: https://github.com/pillys/fs-path
Blast Radius: 0.0

Affected Packages

npm:fs-path
Dependent packages: 83
Dependent repositories: 657
Downloads: 24,324 last month
Affected Version Ranges: < 0.0.25
Fixed in: 0.0.25
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.0.8, 0.0.9, 0.0.10, 0.0.11, 0.0.13, 0.0.14, 0.0.15, 0.0.16, 0.0.17, 0.0.18, 0.0.19, 0.0.20, 0.0.21, 0.0.22, 0.0.23, 0.0.24
All unaffected versions: 0.0.25