CVE-2019-10786OS Command Injection in Project Network-manager

CWE-78OS Command InjectionCWE-20Improper Input Validation5 documents5 sources
Severity
9.8CRITICALNVD
EPSS
1.4%
top 19.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Network-manager Project Network-manager
Timeline
PublishedFeb 4
Latest updateApr 13

Description

network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSync()" argument.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

🔴Vulnerability Details

3
OSV
Improper Input Validation in network-manager2021-04-13
GHSA
Improper Input Validation in network-manager2021-04-13
CVEList
CVE-2019-10786: network-manager through 12020-02-04

💬Community

1
Bugzilla
CVE-2019-10201 keycloak: SAML broker does not check existence of signature on document allowing any user impersonation2019-07-10
CVE-2019-10786 — OS Command Injection | cvebase