Vulnerability Description
Blamer versions prior to 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Blamer Project | Blamer | < 1.0.1 |
Related Weaknesses (CWE)
References
- https://github.com/kucherenko/blamer/commit/5fada8c9b6986ecd28942b724fa682e77ce1
- https://snyk.io/vuln/SNYK-JS-BLAMER-559541ExploitPatchThird Party Advisory
- https://github.com/kucherenko/blamer/commit/5fada8c9b6986ecd28942b724fa682e77ce1
- https://snyk.io/vuln/SNYK-JS-BLAMER-559541ExploitPatchThird Party Advisory
FAQ
What is CVE-2019-10807?
CVE-2019-10807 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Blamer versions prior to 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer.
How severe is CVE-2019-10807?
CVE-2019-10807 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-10807?
Check the references section above for vendor advisories and patch information. Affected products include: Blamer Project Blamer.