CVE-2021-34078

HIGH

lifion-verify-dependencies < 1.2.0 - OS Command Injection via Crafted Dependency Name

Title source: llm

Description

lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project's package.json file.

References (2)

Core 2

Core References

Exploit, Patch, Third Party Advisory x_refsource_misc

https://advisory.checkmarx.net/advisory/CX-2021-4785

Patch, Third Party Advisory x_refsource_misc

https://github.com/lifion/lifion-verify-deps/commit/be1133d5b78e3caa0004fa60207013dca4e1bf38

View Patch ZIP pw:eip

Scores

CVSS v3 8.8

EPSS 0.0246

EPSS Percentile 82.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (2)

adp/lifion-verifiy-dependencies < 1.2.0

npm/lifion-verify-deps 0 - 1.2.0npm

Published Jun 02, 2022

Tracked Since Feb 18, 2026