CVE-2022-21186
published 2022-08-05
CVE-2022-21186: The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href…
Priority P269, critical, 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 24.87% (97.6th percentile)
The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| acrontum | filesystem-template | < 0.0.2 | 0.0.2 |
| acrontum | filesystem-template | >= 0 < 0.0.2 | 0.0.2 |
| acrontum | filesystem-template | >= unspecified < 0.0.2 | 0.0.2 |
GHSA
@acrontum/filesystem-template vulnerable to Command Injection due to fetchRepo API missing sanitization
ghsa·2022-08-06
CVE-2022-21186 [CRITICAL] CWE-77 @acrontum/filesystem-template vulnerable to Command Injection due to fetchRepo API missing sanitization
The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input.
OSV
@acrontum/filesystem-template vulnerable to Command Injection due to fetchRepo API missing sanitization
osv·2022-08-06
CVE-2022-21186 [CRITICAL] @acrontum/filesystem-template vulnerable to Command Injection due to fetchRepo API missing sanitization
The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input.
https://github.com/acrontum/filesystem-template/pull/14/commits/baeb727b60991ad82d9e63ac660883793abc0acc
https://security.snyk.io/vuln/SNYK-JS-ACRONTUMFILESYSTEMTEMPLATE-2419071
2022-08-05
Published