Vulnerability Description
All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string.
CVSS Score
6.9
MEDIUM
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ebay | Sketchsvg | - |
Related Weaknesses (CWE)
References
- https://github.com/eBay/SketchSVG/blob/dd1036648f0f320a3187ef79d506b676b9eb87a6/Broken Link
- https://github.com/eBay/SketchSVG/blob/dd1036648f0f320a3187ef79d506b676b9eb87a6/Broken Link
- https://security.snyk.io/vuln/SNYK-JS-SKETCHSVG-3167969ExploitThird Party Advisory
- https://github.com/eBay/SketchSVG/blob/dd1036648f0f320a3187ef79d506b676b9eb87a6/Broken Link
- https://github.com/eBay/SketchSVG/blob/dd1036648f0f320a3187ef79d506b676b9eb87a6/Broken Link
- https://security.snyk.io/vuln/SNYK-JS-SKETCHSVG-3167969ExploitThird Party Advisory
FAQ
What is CVE-2023-26107?
CVE-2023-26107 is a vulnerability with a CVSS score of 6.9 (MEDIUM). All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of ...
How severe is CVE-2023-26107?
CVE-2023-26107 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-26107?
Check the references section above for vendor advisories and patch information. Affected products include: Ebay Sketchsvg.