  • Vulnerabilities: 1 via 1 paths
  • Dependencies: 157
  • Source: GitHub
  • Commit: 1a62770b

high severity
new

Command Injection

  • Vulnerable module: @pnpm/npm-conf
  • Introduced through: yeoman-generator@7.5.1

Detailed paths

  • Introduced through: generator-game-generic@Skerwe/generator-game-generic#1a62770b23f93f6abdd75fddbd5e6c25a0294a1b > yeoman-generator@7.5.1 > latest-version@9.0.0 > package-json@10.0.1 > registry-auth-token@5.1.0 > @pnpm/npm-conf@2.3.1

Overview

@pnpm/npm-conf is a package that gets the npm config.

Affected versions of this package are vulnerable to Command Injection via environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker can execute arbitrary code by controlling environment variables during operations in build environments.

Remediation

Upgrade @pnpm/npm-conf to version 3.0.2 or higher.

medium severity

Artistic-2.0 license

  • Module: binaryextensions
  • Introduced through: yeoman-generator@7.5.1

Detailed paths

  • Introduced through: generator-game-generic@Skerwe/generator-game-generic#1a62770b23f93f6abdd75fddbd5e6c25a0294a1b > yeoman-generator@7.5.1 > mem-fs-editor@11.1.4 > binaryextensions@6.11.0

medium severity

Artistic-2.0 license

  • Module: editions
  • Introduced through: yeoman-generator@7.5.1

Detailed paths

  • Introduced through: generator-game-generic@Skerwe/generator-game-generic#1a62770b23f93f6abdd75fddbd5e6c25a0294a1b > yeoman-generator@7.5.1 > mem-fs-editor@11.1.4 > binaryextensions@6.11.0 > editions@6.22.0
  • Introduced through: generator-game-generic@Skerwe/generator-game-generic#1a62770b23f93f6abdd75fddbd5e6c25a0294a1b > yeoman-generator@7.5.1 > mem-fs-editor@11.1.4 > textextensions@6.11.0 > editions@6.22.0

medium severity

Artistic-2.0 license

  • Module: textextensions
  • Introduced through: yeoman-generator@7.5.1

Detailed paths

  • Introduced through: generator-game-generic@Skerwe/generator-game-generic#1a62770b23f93f6abdd75fddbd5e6c25a0294a1b > yeoman-generator@7.5.1 > mem-fs-editor@11.1.4 > textextensions@6.11.0

medium severity

Artistic-2.0 license

  • Module: version-range
  • Introduced through: yeoman-generator@7.5.1

Detailed paths

  • Introduced through: generator-game-generic@Skerwe/generator-game-generic#1a62770b23f93f6abdd75fddbd5e6c25a0294a1b > yeoman-generator@7.5.1 > mem-fs-editor@11.1.4 > binaryextensions@6.11.0 > editions@6.22.0 > version-range@4.15.0
  • Introduced through: generator-game-generic@Skerwe/generator-game-generic#1a62770b23f93f6abdd75fddbd5e6c25a0294a1b > yeoman-generator@7.5.1 > mem-fs-editor@11.1.4 > textextensions@6.11.0 > editions@6.22.0 > version-range@4.15.0
