Vulnerabilities > Codecov > High

DATE CVE VULNERABILITY TITLE RISK
2020-02-17 CVE-2020-7597 OS Command Injection vulnerability in Codecov
codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js.
network
low complexity
codecov CWE-78
8.8
8.8
2020-01-25 CVE-2020-7596 OS Command Injection vulnerability in Codecov Nodejs Uploader
Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument.
network
low complexity
codecov CWE-78
8.8
8.8