GSD-2021-1000009

Source
https://data.gsd.id/GSD-2021-1000009
Import Source
https://github.com/cloudsecurityalliance/gsd-database/blob/main/2021/1000xxx/GSD-2021-1000009.json
JSON Data
https://api.osv.dev/v1/vulns/GSD-2021-1000009
Withdrawn
2023-03-14T07:04:18.324321Z
Published
2021-05-31T15:39:45.031586Z
Modified
2023-03-14T07:04:18.324321Z
Summary
Replacement of bash script by an attacker to one that includes malicious commands in Codecov Bash uploader version All versions downloaded from Jan 2021 through April 2021. Because the attacker had control of the script the version # included in it cannot be trusted.
Details

In Codecov Codecov Bash uploader version All versions downloaded from Jan 2021 through April 2021. Because the attacker had control of the script the version # included in it cannot be trusted. a Replacement of bash script by an attacker to one that includes malicious commands exists in the The Bash uploader script that can be attacked via Numerous victims downloaded and executed this script, resulting in Information disclosure is known, other impacts may have occurred (it is not clear if the script was only replaced once or multiple times)

References

Affected packages