Description
reg-keygen-git-hash-plugin through 0.10.15 allow remote attackers to execute of arbitrary commands.
Recommendation
Update the reg-keygen-git-hash-plugin package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.10.16
- Patched version(s): 0.10.16
References
- GHSA-49q3-8867-5wmp
- www.npmjs.com
- CVE-2021-32673
- CWE-78
- CWE-94
- CAPEC-310
- OWASP 2021-A3
- OWASP 2021-A6
Related Issues
- Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin - CVE-2023-22621
- Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin - @strapi/plugin-email - CVE-2023-22621
- Remote code execution in Eclipse Theia - CVE-2021-34435
- rejetto HFS vulnerable to OS Command Execution by remote authenticated users - CVE-2024-39943
You might also like:
- Tags:
- npm
- reg-keygen-git-hash-plugin
Anything's wrong? Let us know
Last updated on February 01, 2023