Vulnerability Details CVE-2022-24377
The package cycle-import-check before 1.3.2 are vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.041
EPSS Ranking 88.1%
CVSS Severity
CVSS v3 Score 7.4
References
- https://github.com/Soontao/cycle-import-check/commit/1ca97b59df7e9c704471fcb4cf042ce76d7c9890
- https://security.snyk.io/vuln/SNYK-JS-CYCLEIMPORTCHECK-3157955
- https://github.com/Soontao/cycle-import-check/commit/1ca97b59df7e9c704471fcb4cf042ce76d7c9890
- https://security.snyk.io/vuln/SNYK-JS-CYCLEIMPORTCHECK-3157955
Products affected by CVE-2022-24377
-
cpe:2.3:a:cycle-import-check_project:cycle-import-check:-
-
cpe:2.3:a:cycle-import-check_project:cycle-import-check:1.0.12
-
cpe:2.3:a:cycle-import-check_project:cycle-import-check:1.0.13
-
cpe:2.3:a:cycle-import-check_project:cycle-import-check:1.0.14
-
cpe:2.3:a:cycle-import-check_project:cycle-import-check:1.0.15
-
cpe:2.3:a:cycle-import-check_project:cycle-import-check:1.0.16
-
cpe:2.3:a:cycle-import-check_project:cycle-import-check:1.0.17
-
cpe:2.3:a:cycle-import-check_project:cycle-import-check:1.1.0
-
cpe:2.3:a:cycle-import-check_project:cycle-import-check:1.2.0
-
cpe:2.3:a:cycle-import-check_project:cycle-import-check:1.2.1
-
cpe:2.3:a:cycle-import-check_project:cycle-import-check:1.2.2
-
cpe:2.3:a:cycle-import-check_project:cycle-import-check:1.2.3
-
cpe:2.3:a:cycle-import-check_project:cycle-import-check:1.2.4
-
cpe:2.3:a:cycle-import-check_project:cycle-import-check:1.3.0
-
cpe:2.3:a:cycle-import-check_project:cycle-import-check:1.3.1