CVE-2018-3786

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-3786

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-3786.json

Aliases

GHSA-c9j3-wqph-5xx9

Published

2018-08-24T20:29:00Z

Modified

2023-11-29T06:36:06.386059Z

Details

A command injection vulnerability in egg-scripts <v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument.

References

https://hackerone.com/reports/388936
https://github.com/eggjs/egg-scripts/pull/26
https://github.com/eggjs/egg-scripts/blob/2.8.1/History.md

Affected packages

Git / github.com/eggjs/egg-scripts

Affected ranges

Type: GIT
Repo: https://github.com/eggjs/egg-scripts
Events: Introduced

0The exact introduced commit is unknown

Fixed

2ccc21ee37b8c4e422c782dc7001479a990f6f1a

Affected versions

1.*

1.0.0

1.1.0

1.1.1

1.1.2

1.2.0

2.*

2.0.0

2.1.0

2.1.1

2.2.0

2.3.0

2.4.0

2.5.0

2.5.1

2.6.0

2.7.0

2.8.0