Home > Vulnerability Database > CVE-2023-40582

Mend.io Vulnerability Database

CVE-2023-40582

Good to know:

Date: August 30, 2023

find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This issue has been addressed in version 1.0.3. users are advised to upgrade. Users unable to upgrade should ensure that all input passed to find-exec comes from a trusted source.

Language: JS

Severity Score

9.8

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-40582

Url: https://github.com/shime/find-exec/security/advisories/GHSA-95rp-6gqp-6622

Url: https://github.com/shime/find-exec/commit/74fb108097c229b03d6dba4cce81e36aa364b51c

Url: https://github.com/shime/find-exec

Url: https://www.mend.io/vulnerability-database/CVE-2023-40582

Severity Score

9.8

Weakness Type (CWE)

OS Command Injections

CWE-78

Top Fix

Upgrade Version

Upgrade to version find-exec - 1.0.3

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-40582

Good to know:

Date: August 30, 2023

Language: JS

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?