Vulnerabilities > Codecov > Codecov > 3.5.0

DATE CVE VULNERABILITY TITLE RISK
2020-07-20 CVE-2020-15123 OS Command Injection vulnerability in Codecov
In codecov (npm package) before version 3.7.1 the upload method has a command injection vulnerability.
network
low complexity
codecov CWE-78
critical
 9.3
9.3
2020-02-17 CVE-2020-7597 OS Command Injection vulnerability in Codecov
codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js.
network
low complexity
codecov CWE-78
8.8
8.8