Vulnerability Description
Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection because no input sanitization, other checks or sandboxing are applied in the getPath function.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Global-Modules-Path Project | Global-Modules-Path | < 3.0.0 |
Related Weaknesses (CWE)
References
- https://github.com/lorenzomigliorero/npm-node-utils/blob/b55dd81c597db657c975133 (Broken Link, Third Party Advisory)
- https://github.com/rosen-vladimirov/global-modules-path/commit/edbdaff077ea0cf29 (Patch, Third Party Advisory)
- https://github.com/rosen-vladimirov/global-modules-path/releases/tag/v3.0.0 (Third Party Advisory)
- https://security.snyk.io/vuln/SNYK-JS-GLOBALMODULESPATH-3167973 (Third Party Advisory)
FAQ
What is CVE-2022-21191?
CVE-2022-21191 is a vulnerability with a CVSS score of 7.4 (HIGH). Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection because no input sanitization, other checks or sandboxing are applied in the getPath function.
How severe is CVE-2022-21191?
CVE-2022-21191 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-21191?
Check the references section above for vendor advisories and patch information. Affected products include: Global-Modules-Path Project Global-Modules-Path.