PT-2022-10311 · Unknown · Lifion-Verify-Dependencies

Published

2022-06-01

·

Updated

2022-06-09

·

CVE-2021-34078

CVSS v2.0

9.3

High

VectorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions lifion-verify-dependencies versions prior to 1.1.1
Description The issue allows for OS command injection through a crafted dependency name in the package.json file of the scanned project.
Recommendations For lifion-verify-dependencies versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2021-34078
GHSA-RPHM-C8GW-3R38

Affected Products

Lifion-Verify-Dependencies