Arbitrary Command Execution in clamscan

Do your applications use this vulnerable package? Test your applications

Overview

clamscan is Use Node JS to scan files on your server with ClamAV's clamscan binary or clamdscan daemon. Affected versions of the package are vulnerable to Arbitrary Command Execution. No other information was given.

Remediation

Upgrade clamscan to version 0.8.2 or higher.

References

GitHub Commit

Attack Vector

Network
Attack Complexity

High
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

None

Credit: Unknown
CWE: CWE-94
Snyk ID: npm:clamscan:20150821
Disclosed: 20 Aug, 2015
Published: 18 Jan, 2017

Arbitrary Command Execution
Affecting clamscan package, versions <0.8.2

Overview

Remediation

References

CVSS Score

Arbitrary Command Execution Affecting clamscan package, versions <0.8.2

Overview

Remediation

References

Arbitrary Command Execution
Affecting clamscan package, versions <0.8.2