GHSA-54w4-2f2p-f48h

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-54w4-2f2p-f48h/GHSA-54w4-2f2p-f48h.json

Aliases

• CVE-2020-28438

Published

2022-07-26T00:01:06Z

Modified

2022-08-06T05:19:00Z

Details

A command injection vulnerability affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js

References

• https://nvd.nist.gov/vuln/detail/CVE-2020-28438
• https://github.com/danheberden/deferred-exec
• https://github.com/danheberden/deferred-exec/blob/master/lib/deferred-exec.js#L42
• https://security.snyk.io/vuln/SNYK-JS-DEFERREDEXEC-1050433