Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-7596 Vulnerability in npm package codecov

Description

Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument.

Remediation

References

https://snyk.io/vuln/SNYK-JS-CODECOV-543183

Related Vulnerabilities

CVE-2021-23425 Vulnerability in npm package trim-off-newlines

CVE-2020-28434 Vulnerability in npm package gitblame

CVE-2020-35201 Vulnerability in maven package org.igniterealtime.openfire.plugins:bookmarks

CVE-2022-25921 Vulnerability in npm package morgan-json

CVE-2020-7763 Vulnerability in npm package phantom-html-to-pdf

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Patch Third Party Advisory