Vulnerabilities > CVE-2017-1000451 - Unspecified vulnerability in Fs-Git Project Fs-Git

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

fs-git-project

NVD

Published: 2018-01-02

Updated: 2019-10-03

Summary

fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on child_process.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec.

Vulnerable Configurations

Part	Description	Count
Application	Fs-Git_Project FS GIT Project FS GIT 0.1.0 FS GIT Project FS GIT 0.1.1 FS GIT Project FS GIT 0.1.3 FS GIT Project FS GIT 0.1.4 FS GIT Project FS GIT 0.2.0 FS GIT Project FS GIT 0.2.1 FS GIT Project FS GIT 0.3.0 FS GIT Project FS GIT 0.4.0 FS GIT Project FS GIT 0.4.1 FS GIT Project FS GIT 0.5.0 FS GIT Project FS GIT 0.5.1 FS GIT Project FS GIT 1.0.0 FS GIT Project FS GIT 1.0.1	13

References

https://nodesecurity.io/advisories/360