CVE-2021-26275
CRITICALeslint-fixer < 0.1.5 - Command Injection via Shell Metacharacters
Title source: llmDescription
The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted
References (2)
Core 2
Core References
Product x_refsource_misc
https://www.npmjs.com/package/eslint-fixer
Exploit, Third Party Advisory x_refsource_misc
https://advisory.checkmarx.net/advisory/CX-2021-4774
Scores
CVSS v3
9.8
EPSS
0.0304
EPSS Percentile
85.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-77
Status
published
Products (2)
eslint-fixer_project/eslint-fixer
< 0.1.5
npm/eslint-fixer
0npm
Published
Mar 19, 2021
Tracked Since
Feb 18, 2026