CVE-2022-24377

CVSS V2 None CVSS V3 None
Description
The package cycle-import-check before 1.3.2 are vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization.
Overview
  • CVE ID
  • CVE-2022-24377
  • Assigner
  • report@snyk.io
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-14T05:15:11
  • Last Modified Date
  • 2022-12-16T17:42:20
Weakness Enumerations
CWE URL
CWE-77 http://cwe.mitre.org/data/definitions/77.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:cycle-import-check_project:cycle-import-check:*:*:*:*:*:*:*:* 1 OR 1.3.2
References
Reference URL Reference Tags
https://github.com/Soontao/cycle-import-check/commit/1ca97b59df7e9c704471fcb4cf042ce76d7c9890
https://security.snyk.io/vuln/SNYK-JS-CYCLEIMPORTCHECK-3157955
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-24377
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24377
History
Created Old Value New Value Data Type Notes
2022-12-14 06:15:18 Added to TrackCVE
2022-12-14 14:15:24 2022-12-14T05:15:11.283 2022-12-14T05:15:11 CVE Published Date updated
2022-12-14 14:15:24 2022-12-14T14:09:52 CVE Modified Date updated
2022-12-14 14:15:24 Received Awaiting Analysis Vulnerability Status updated
2022-12-18 04:35:27 2022-12-16T17:42:20 CVE Modified Date updated
2022-12-18 04:35:27 Awaiting Analysis Analyzed Vulnerability Status updated
2022-12-18 04:35:30 CWE-77 Weakness Enumeration new
2022-12-18 04:35:37 CPE Information updated