All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.
References
Link | Resource |
---|---|
https://security.snyk.io/vuln/SNYK-JS-CREATECHOOAPP3-3157951 | Exploit Third Party Advisory |
https://security.snyk.io/vuln/SNYK-JS-CREATECHOOAPP3-3157951 | Exploit Third Party Advisory |
Configurations
History
25 Mar 2025, 19:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-77 |
21 Nov 2024, 06:53
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.4 |
References | () https://security.snyk.io/vuln/SNYK-JS-CREATECHOOAPP3-3157951 - Exploit, Third Party Advisory |
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-06 05:15
Updated : 2025-03-25 19:15
NVD link : CVE-2022-25855
Mitre link : CVE-2022-25855
CVE.ORG link : CVE-2022-25855
JSON object : View
Products Affected
create-choo-app3_project
- create-choo-app3
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
NVD-CWE-Other CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')