Skip to content

Conversation

debricked[bot]
Copy link

@debricked debricked bot commented Mar 23, 2022

CVE–2022–0144

Vulnerable dependency:     shelljs (npm)    0.7.6    0.8.3

Vulnerability details

Description

Improper Privilege Management

The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

NVD

shelljs is vulnerable to Improper Privilege Management

GitHub

Improper Privilege Management in shelljs

shelljs is vulnerable to Improper Privilege Management

CVSS details - 7.1

 

CVSS3 metrics
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High
References

    THIRD PARTY
    Improper Privilege Management in shelljs · CVE-2022-0144 · GitHub Advisory Database · GitHub
    fix(exec): lockdown file permissions (#1060) · shelljs/shelljs@d919d22 · GitHub
    Improper Privilege Management vulnerability found in shelljs
    Trying to get in touch regarding a security issue · Issue #1058 · shelljs/shelljs · GitHub
    GitHub - shelljs/shelljs: Portable Unix shell commands for Node.js
    shelljs/exec.js at master · shelljs/shelljs · GitHub

 

Related information

📌 Remember! Check the changes to ensure they don't introduce any breaking changes.
📚 Read more about the CVE

 

@debricked debricked bot force-pushed the debricked-fix-CVE_2022_0144-e6b6c01af24afd80 branch from 23ee56e to 02f6edc Compare May 14, 2022 11:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants