CVE-2018-16462
published 2018-10-30CVE-2018-16462: A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a…
PriorityP267critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
6.99%
93.3th percentile
A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apex-publish-static-files_project | apex-publish-static-files | < 2.0.1 | 2.0.1 |
| apex-publish-static-files_project | apex-publish-static-files | — | — |
| apex-publish-static-files_project | apex-publish-static-files | >= 0 < 2.0.1 | 2.0.1 |
CVSS provenance
nvdv3.110.0CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
ghsa9.8CRITICAL
osv9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Command Injection in standard-version
osv·2020-07-13·CVSS 9.8
[CRITICAL] Command Injection in standard-version
Command Injection in standard-version
# GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2020-111`
The [GitHub Security Lab](https://securitylab.github.com) team has identified a potential security vulnerability in [standard-version](https://github.com/conventional-changelog/standard-version).
## Summary
The `standardVersion` function has a command injection vulnerability. Clients of the `standard-version` library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.
## Product
Standard Version
## Tested Version
Commit [2f04ac8](https://github.com/conventional-changelog/standard-version/tree/2f04ac8fc1c134a1981c23a093d4eece77d0bbb9/)
## Details
### Issue 1: Command injection in `standardVersion`
The following proof-of-concept i
GHSA
Command Injection in standard-version
ghsa·2020-07-13·CVSS 9.8
[CRITICAL] CWE-77 Command Injection in standard-version
Command Injection in standard-version
# GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2020-111`
The [GitHub Security Lab](https://securitylab.github.com) team has identified a potential security vulnerability in [standard-version](https://github.com/conventional-changelog/standard-version).
## Summary
The `standardVersion` function has a command injection vulnerability. Clients of the `standard-version` library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.
## Product
Standard Version
## Tested Version
Commit [2f04ac8](https://github.com/conventional-changelog/standard-version/tree/2f04ac8fc1c134a1981c23a093d4eece77d0bbb9/)
## Details
### Issue 1: Command injection in `standardVersion`
The following proof-of-concept i
GHSA
Command Injection in apex-publish-static-files
ghsa·2018-11-01
CVE-2018-16462 [CRITICAL] CWE-77 Command Injection in apex-publish-static-files
Command Injection in apex-publish-static-files
Versions of `apex-publish-static-files` before 2.0.1 are vulnerable to command injection. This is exploitable if user input is passed into the `connectString` option in the `publish` method.
## Recommendation
Update to version 2.0.1 or later.
OSV
Command Injection in apex-publish-static-files
osv·2018-11-01
CVE-2018-16462 [CRITICAL] Command Injection in apex-publish-static-files
Command Injection in apex-publish-static-files
Versions of `apex-publish-static-files` before 2.0.1 are vulnerable to command injection. This is exploitable if user input is passed into the `connectString` option in the `publish` method.
## Recommendation
Update to version 2.0.1 or later.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-10-30
Published