OS Command Injection in ljharb/npm-lockfile
CVE-2022-0841

3.8LOW

Key Information:

Vendor: Ljharb
Status: Ljharb/npm-lockfile
Vendor: CVE Published:; 3 March 2022

🔔 Create Ljharb Vulnerability Alert

What is CVE-2022-0841?

OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4.

Affected Version(s)

ljharb/npm-lockfile 2.0.3

ljharb/npm-lockfile 2.0.4

References

https://huntr.dev/bounties/4f806dc9-2ecd-4e79-997e-5292f1...

x_refsource_CONFIRM

https://github.com/ljharb/npm-lockfile/commit/bfdb8481326...

x_refsource_MISC

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

CVSS V3.0

Score:

3.8

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 3, 2022
Vulnerability Reserved
Mar 3, 2022

CVE-2022-0841 Data

JSON