CVE-2023-26143

Date: September 19, 2023

Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile() API. The library does not sanitize user input or validate that the given file path conforms to a specific schema, nor does it use the POSIX double-dash (--) to signal the end of options when passing command-line arguments to the git binary.
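The two missing controls named above (path validation and the `--` end-of-options marker), shown as an added example that is not blamer's source code. The function names, the use of `--line-porcelain` as the fixed flag, and the sample path values are assumptions made for illustration; `classifyArgv` is a simplified model of getopt-style parsing, not git's actual parser.

```typescript
type Parsed = { options: string[]; paths: string[] };

// Simplified getopt-style model: a token starting with "-" is an option
// until a bare "--" is seen; everything after "--" is an operand (a path).
function classifyArgv(argv: string[]): Parsed {
  const parsed: Parsed = { options: [], paths: [] };
  let endOfOptions = false;
  for (let i = 0; i < argv.length; i++) {
    const token = argv[i];
    if (!endOfOptions && token === "--") {
      endOfOptions = true;
    } else if (!endOfOptions && token.charAt(0) === "-") {
      parsed.options.push(token);
    } else {
      parsed.paths.push(token);
    }
  }
  return parsed;
}

// Pattern the advisory describes: the caller-supplied path is appended
// straight after the fixed flags, so a value starting with "-" is read
// by the parser as another option. (Arguments shown follow "git blame".)
function blameArgsUnsafe(file: string): string[] {
  return ["--line-porcelain", file];
}

// Hardened form: validate the path first, then terminate option parsing
// with "--" so the value can only ever be treated as a path.
function blameArgsSafe(file: string): string[] {
  if (file.length === 0 || file.indexOf("\0") !== -1) {
    throw new Error("invalid file path");
  }
  if (file.charAt(0) === "-") {
    throw new Error("file path must not start with '-'");
  }
  return ["--line-porcelain", "--", file];
}
```

Validation and `--` are complementary: the check rejects option-like input early, and the marker still protects any call site where the check is skipped or later loosened.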

Language: TypeScript

Severity Score

Weakness Type (CWE)

Argument Injection or Modification

CWE-88

Top Fix

Upgrade Version

Upgrade blamer to version 1.0.4

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): LOW
