CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-25908

All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.017

EPSS Ranking 82.0%

CVSS Severity

CVSS v3 Score 7.4

References

Products affected by CVE-2022-25908

Create-Choo-Electron Project » Create-Choo-Electron » Version: N/A

cpe:2.3:a:create-choo-electron_project:create-choo-electron:-
Create-Choo-Electron Project » Create-Choo-Electron » Version: 1.6.1

cpe:2.3:a:create-choo-electron_project:create-choo-electron:1.6.1
Create-Choo-Electron Project » Create-Choo-Electron » Version: 1.7.0

cpe:2.3:a:create-choo-electron_project:create-choo-electron:1.7.0
Create-Choo-Electron Project » Create-Choo-Electron » Version: 1.7.1

cpe:2.3:a:create-choo-electron_project:create-choo-electron:1.7.1
Create-Choo-Electron Project » Create-Choo-Electron » Version: 1.7.2

cpe:2.3:a:create-choo-electron_project:create-choo-electron:1.7.2
Create-Choo-Electron Project » Create-Choo-Electron » Version: 2.0.0

cpe:2.3:a:create-choo-electron_project:create-choo-electron:2.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-25908

Products

Pricing

Contact Us