Vulnerability Details CVE-2022-21186
The package @acrontum/filesystem-template before 0.0.2 are vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.275
EPSS Ranking 96.2%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/acrontum/filesystem-template/pull/14/commits/baeb727b60991ad82d9e63ac660883793abc0acc
- https://security.snyk.io/vuln/SNYK-JS-ACRONTUMFILESYSTEMTEMPLATE-2419071
- https://github.com/acrontum/filesystem-template/pull/14/commits/baeb727b60991ad82d9e63ac660883793abc0acc
- https://security.snyk.io/vuln/SNYK-JS-ACRONTUMFILESYSTEMTEMPLATE-2419071
Products affected by CVE-2022-21186
-
cpe:2.3:a:acrontum:filesystem-template:-
-
cpe:2.3:a:acrontum:filesystem-template:0.0.1