Vulnerabilities > CVE-2017-1000451 - Unspecified vulnerability in Fs-Git Project Fs-Git

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

fs-git-project

NVD

Published: 2018-01-02

Updated: 2024-11-21

Summary

fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on child_process.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec.

Vulnerable Configurations

Part	Description	Count
Application	Fs-Git_Project FS GIT Project FS GIT 0.1.0 FS GIT Project FS GIT 0.1.1 FS GIT Project FS GIT 0.1.3 FS GIT Project FS GIT 0.1.4 FS GIT Project FS GIT 0.2.0 FS GIT Project FS GIT 0.2.1 FS GIT Project FS GIT 0.3.0 FS GIT Project FS GIT 0.4.0 FS GIT Project FS GIT 0.4.1 FS GIT Project FS GIT 0.5.0 FS GIT Project FS GIT 0.5.1 FS GIT Project FS GIT 1.0.0 FS GIT Project FS GIT 1.0.1	13

Summary

Vulnerable Configurations

References