CVE | CVE-2023-26107 |
CVE Title | |
Published Date | 2023-03-06T05:15Z |
Modified Date | 2023-03-10T22:43Z |
CWE Type | CWE-94 |
CVSS 3.x | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Description | All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string. |
References | |
By clicking these links you will leave this website. We do not endorse and will not be held accountable for any activity on external sites. | |
Reference URL | https://security.snyk.io/vuln/SNYK-JS-SKETCHSVG-3167969 |
Reference Description | MISC https://security.snyk.io/vuln/SNYK-JS-SKETCHSVG-3167969 |
Reference URL | https://github.com/eBay/SketchSVG/blob/dd1036648f0f320a3187ef79d506b676b9eb87a6/lib/index.js%23L64 |
Reference Description | MISC https://github.com/eBay/SketchSVG/blob/dd1036648f0f320a3187ef79d506b676b9eb87a6/lib/index.js%23L64 |
Reference URL | https://github.com/eBay/SketchSVG/blob/dd1036648f0f320a3187ef79d506b676b9eb87a6/lib/index.js%23L115 |
Reference Description | MISC https://github.com/eBay/SketchSVG/blob/dd1036648f0f320a3187ef79d506b676b9eb87a6/lib/index.js%23L115 |
Tags | Exploit Third Party Advisory |
Sources | NIST MITRE |