Description
OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4.
References (2)
Core 2
Core References
Exploit, Patch, Third Party Advisory x_refsource_confirm
https://huntr.dev/bounties/4f806dc9-2ecd-4e79-997e-5292f1bea9f1
Patch, Third Party Advisory x_refsource_misc
https://github.com/ljharb/npm-lockfile/commit/bfdb84813260f0edbf759f2fde1e8c816c1478b8
Scores
CVSS v3
9.8
EPSS
0.0046
EPSS Percentile
64.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (3)
npm/npm-lockfile
2.0.3 - 2.0.5npm
npm-lockfile_project/npm-lockfile
2.0.3
npm-lockfile_project/npm-lockfile
2.0.4
Published
Mar 03, 2022
Tracked Since
Feb 18, 2026