Description
Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument.
Remediation
References
https://snyk.io/vuln/SNYK-JS-CODECOV-543183
Related Vulnerabilities
CVE-2021-21616 Vulnerability in maven package org.biouno:uno-choice
CVE-2020-7613 Vulnerability in npm package clamscan
CVE-2023-38905 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base-core
CVE-2022-25881 Vulnerability in maven package org.webjars.npm:http-cache-semantics
CVE-2022-0722 Vulnerability in maven package org.webjars.npm:parse-url