CVEDB API

All versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function due to improper input sanitization.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 71.0%

CVSS Severity

CVSS v3 Score 7.4

References

Products affected by CVE-2022-25962

Vagrant.js Project » Vagrant.js » Version: N/A

cpe:2.3:a:vagrant.js_project:vagrant.js:-
Vagrant.js Project » Vagrant.js » Version: 0.0.1

cpe:2.3:a:vagrant.js_project:vagrant.js:0.0.1
Vagrant.js Project » Vagrant.js » Version: 0.0.2

cpe:2.3:a:vagrant.js_project:vagrant.js:0.0.2
Vagrant.js Project » Vagrant.js » Version: 0.0.3

cpe:2.3:a:vagrant.js_project:vagrant.js:0.0.3
Vagrant.js Project » Vagrant.js » Version: 0.0.4

cpe:2.3:a:vagrant.js_project:vagrant.js:0.0.4