New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix CVE–2022–0144 #2

Open

debricked wants to merge 1 commit into main from debricked-fix-CVE_2022_0144-d0582f89205aaa65

debricked bot commented Mar 23, 2022

CVE–2022–0144

Vulnerable dependency: shelljs (Yarn) 0.8.4

Vulnerability details

Description

Improper Privilege Management

The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

NVD

shelljs is vulnerable to Improper Privilege Management

GitHub

Improper Privilege Management in shelljs

shelljs is vulnerable to Improper Privilege Management

CVSS details -

7.1

CVSS3 metrics
Attack Vector	Local
Attack Complexity	Low
Privileges Required	Low
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity	None
Availability	High

References

    NVD - CVE-2022-0144
    fix(exec): lockdown file permissions (#1060) · shelljs/shelljs@d919d22 · GitHub
    Improper Privilege Management vulnerability found in shelljs
    Trying to get in touch regarding a security issue · Issue #1058 · shelljs/shelljs · GitHub
    GitHub - shelljs/shelljs: Portable Unix shell commands for Node.js
    shelljs/exec.js at master · shelljs/shelljs · GitHub
    Improper Privilege Management in shelljs · CVE-2022-0144 · GitHub Advisory Database · GitHub

Related information

📌 Remember! Check the changes to ensure they don't introduce any breaking changes.
📚 Read more about the CVE


          Fix CVE–2022–0144

57581c1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment