CVE Record: CVE-2020-7597

Required CVE Record Information

Description

codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596.

Product Status

Learn more

Versions 1 Total

Default Status: unknown

affected

References 2 Total

https://github.com/codecov/codecov-node/commit/02cf13d8b93ac547b5b4c2cfe186b7d874fd234f
external site
https://snyk.io/vuln/SNYK-JS-CODECOV-548879
external site

Updated: 2024-08-04

This container includes required additional information provided by the CVE Program for this vulnerability.

References 2 Total

https://github.com/codecov/codecov-node/commit/02cf13d8b93ac547b5b4c2cfe186b7d874fd234f
external site
x_transferred
https://snyk.io/vuln/SNYK-JS-CODECOV-548879
external site
x_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: Snyk

Description

Product Status

References 2 Total

CVE Program

References 2 Total