CVEbuzz logo
This website displays data collected from external sources, and is not responsible for any aspect of it. Read more...

Security / vulnerability advisories for karma-mojo Project karma-mojo 1.0.0 for Node.js

Titles listed in dictionary

CPE for product: cpe:2.3:a:karma-mojo_project:karma-mojo:1.0.0:*:*:*:*:node.js:*:*

Showing 1-1 of 1
Maximal damage 9.8
Very easy to exploit
(other affected products) Published: Thu Apr 2 22:15:00 2020 UTC. Last Modified: Wed Jul 21 11:39:00 2021 UTC
CPE matches: cpe:2.3:a:karma-mojo_project:karma-mojo:*:*:*:*:*:node.js:*:* && versionEndIncluding=1.0.1

Description

karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument.

Damage

Attack conditions

Damage and attack conditions obtained from CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (CVSSv3)

Type of bug(s)

References