Description
find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This issue has been addressed in version 1.0.3. users are advised to upgrade. Users unable to upgrade should ensure that all input passed to find-exec comes from a trusted source.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://github.com/shime/find-exec/security/advisories/GHSA-95rp-6gqp-6622
Scores
CVSS v3
9.8
EPSS
0.0655
EPSS Percentile
91.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (2)
find-exec_project/find-exec
< 1.0.3
npm/find-exec
0 - 1.0.3npm
Published
Aug 30, 2023
Tracked Since
Feb 18, 2026