CVE-2017-1000451
fs-git command injection vulnerability
CVSS 3.1: 7.8 (HIGH)
EPSS: 0.42%
Description
fs-git is a file-system-like API for git repositories. Version 1.0.1 of the fs-git module relies on child_process.exec; however, the buildCommand method used to construct exec strings does not properly sanitize data, so every method that uses it and calls exec is vulnerable to command injection.
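The pattern described above, shown beside a hardened form, as an added example that is not fs-git's own code. The functions `buildCommandUnsafe`, `buildArgsSafe` and `showFile`, the `git show` invocation, and the ref allow-list are hypothetical stand-ins, and the sample input is constructed.

```javascript
// Added example: hypothetical stand-ins, not fs-git's source code.

// Vulnerable pattern: caller-supplied values are concatenated into one
// string, which child_process.exec passes to the shell for parsing.
function buildCommandUnsafe(gitDir, ref, file) {
  return `git --git-dir=${gitDir} show ${ref}:${file}`;
}

// Conservative allow-list for ref names (an assumption of this example):
// must start with an alphanumeric, so it can never be read as an option.
const SAFE_REF = /^[A-Za-z0-9][A-Za-z0-9._\/-]*$/;

// Hardened pattern: build an argv array for child_process.execFile, which
// starts git directly, so shell metacharacters are never interpreted.
function buildArgsSafe(gitDir, ref, file) {
  for (const value of [gitDir, ref, file]) {
    if (typeof value !== 'string' || value.includes('\0')) {
      throw new TypeError('arguments must be strings without NUL bytes');
    }
  }
  if (!SAFE_REF.test(ref)) {
    throw new Error(`rejected ref name: ${JSON.stringify(ref)}`);
  }
  return [`--git-dir=${gitDir}`, 'show', `${ref}:${file}`];
}

// Runs git without a shell; validation errors surface before any process starts.
function showFile(gitDir, ref, file, callback) {
  const { execFile } = require('child_process');
  execFile('git', buildArgsSafe(gitDir, ref, file), callback);
}

// Constructed sample input: a "ref" carrying a shell command separator.
const sampleRef = 'master; echo INJECTED #';
console.log('exec string  :', buildCommandUnsafe('/repo/.git', sampleRef, 'README.md'));
console.log('execFile argv:', buildArgsSafe('/repo/.git', 'master', 'README.md'));
try {
  buildArgsSafe('/repo/.git', sampleRef, 'README.md');
} catch (err) {
  console.log('hardened     :', err.message);
}
```

The first printed line shows the separator surviving into the string a shell would parse; the hardened builder rejects the same input before any process is spawned.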
How to fix CVE-2017-1000451
To remediate CVE-2017-1000451, upgrade the affected package to a fixed version listed below.
- fs-git: upgrade to 1.0.2 or later
Is CVE-2017-1000451 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- fs-git: from 0, < 1.0.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.8 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |