CVE-2020-8298
Published 2021-03-04
Priority: P261 · critical · 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 11.17% (95.4th percentile)
fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the `copy`, `copySync`, `remove`, and `removeSync` methods.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fs-path_project | fs-path | < 0.0.25 | 0.0.25 |
| fs-path_project | fs-path | — | — |
| fs-path_project | fs-path | >= 0 < 0.0.25 | 0.0.25 |
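CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |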
OSV
Command injection in fs-path
osv·2021-03-25
CVE-2020-8298 [CRITICAL] Command injection in fs-path
GHSA
Command injection in fs-path
ghsa·2021-03-25
CVE-2020-8298 [CRITICAL] CWE-77 Command injection in fs-path
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/pillys/fs-path/commit/88ff5ee51046bb2c5d5e9c5afe6819b032092ce7
https://github.com/pillys/fs-path/pull/6
https://hackerone.com/reports/324491
Published: 2021-03-04