Vulnerability Details CVE-2022-25171
The package p4 before 0.0.7 are vulnerable to Command Injection via the run() function due to improper input sanitization
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.8%
CVSS Severity
CVSS v3 Score 7.4
References
- https://github.com/natelong/p4/blob/master/p4.js%23L12
- https://github.com/natelong/p4/commit/ae42e251beabf67c00539ec0e1d7aa149ca445fb
- https://security.snyk.io/vuln/SNYK-JS-P4-3167330
- https://github.com/natelong/p4/blob/master/p4.js%23L12
- https://github.com/natelong/p4/commit/ae42e251beabf67c00539ec0e1d7aa149ca445fb
- https://security.snyk.io/vuln/SNYK-JS-P4-3167330
Products affected by CVE-2022-25171
-
cpe:2.3:a:p4_project:p4:0.0.1
-
cpe:2.3:a:p4_project:p4:0.0.2
-
cpe:2.3:a:p4_project:p4:0.0.3
-
cpe:2.3:a:p4_project:p4:0.0.4
-
cpe:2.3:a:p4_project:p4:0.0.5
-
cpe:2.3:a:p4_project:p4:0.0.6