Arbitrary Command Execution

Affecting clamscan package, versions <0.8.2

Overview

clamscan is a Node.js package for scanning files on your server with ClamAV's clamscan binary or clamdscan daemon. Affected versions of the package are vulnerable to Arbitrary Command Execution. No other information was given.

Remediation

Upgrade clamscan to version 0.8.2 or higher.

CVSS Score

7.4 (high severity)

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: None

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Credit: Unknown
CWE: CWE-94
Snyk ID: npm:clamscan:20150821
Disclosed: 20 Aug, 2015
Published: 18 Jan, 2017