GHSA-x73w-g8hx-v7rp

Source

https://github.com/advisories/GHSA-x73w-g8hx-v7rp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-x73w-g8hx-v7rp/GHSA-x73w-g8hx-v7rp.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-x73w-g8hx-v7rp

Aliases

CVE-2020-23256

Published

2023-01-20T21:30:32Z

Modified

2026-05-20T23:15:10.087916264Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

electerm allows unauthorized users to execute arbitrary commands

Details

An issue was discovered in Electerm 1.3.22, allows attackers to execute arbitrary commands via unverified request to electerms service.

Database specific

{
    "cwe_ids": [
        "CWE-306",
        "CWE-78"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2023-01-20T19:15:00Z",
    "github_reviewed_at": "2023-01-28T01:18:11Z",
    "severity": "CRITICAL"
}

References

Affected packages

npm / electerm

Package

Name: electerm; View open source insights on deps.dev
Purl: pkg:npm/electerm

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.3.22

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-x73w-g8hx-v7rp/GHSA-x73w-g8hx-v7rp.json"