Vulnerability Description
Versions of the p4 package before 0.0.7 are vulnerable to command injection via the run() function due to improper input sanitization.
CVSS Score
7.4
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| P4 Project | P4 | < 0.0.7 |
Related Weaknesses (CWE)
References
- https://github.com/natelong/p4/blob/master/p4.js%23L12 (Broken Link, Third Party Advisory)
- https://github.com/natelong/p4/commit/ae42e251beabf67c00539ec0e1d7aa149ca445fb (Patch, Third Party Advisory)
- https://security.snyk.io/vuln/SNYK-JS-P4-3167330 (Exploit, Patch, Third Party Advisory)
FAQ
What is CVE-2022-25171?
CVE-2022-25171 is a vulnerability with a CVSS score of 7.4 (HIGH). Versions of the p4 package before 0.0.7 are vulnerable to command injection via the run() function due to improper input sanitization.
How severe is CVE-2022-25171?
CVE-2022-25171 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-25171?
Check the references section above for vendor advisories and patch information. Affected products include: P4 Project P4.