7.1
CVE-2022-0144
- EPSS 0.43%
- Veröffentlicht 11.01.2022 07:15:07
- Zuletzt bearbeitet 21.11.2024 06:37:59
- Quelle security@huntr.dev
- CVE-Watchlists
- Unerledigt
LoginImproper Privilege Management in shelljs/shelljs
shelljs is vulnerable to Improper Privilege Management
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Shelljs Project ≫ Shelljs SwPlatformnode.js Version < 0.8.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.43% | 0.34 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
|
| nvd@nist.gov | 3.6 | 3.9 | 4.9 |
AV:L/AC:L/Au:N/C:P/I:N/A:P
|
| security@huntr.dev | 7.1 | 1.8 | 5.2 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
https://github.com/shelljs/shelljs/commit/d919d22dd6de385edaa9d90313075a77f74b338c
https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c