admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-06-28 08:01:01 +00:00
parent 63b790b75f
commit 453da06339
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
2021/23xxx/CVE-2021-23399.json
View File

@ -48,12 +48,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-WINCRED-1078538" "url": "https://snyk.io/vuln/SNYK-JS-WINCRED-1078538",
"name": "https://snyk.io/vuln/SNYK-JS-WINCRED-1078538"
}, },
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://github.com/rolangom/wincred/blob/3fd39186ee32add9c12046cdccf2765d19565335/index.ts%23L20" "url": "https://github.com/rolangom/wincred/blob/3fd39186ee32add9c12046cdccf2765d19565335/index.ts%23L20",
"name": "https://github.com/rolangom/wincred/blob/3fd39186ee32add9c12046cdccf2765d19565335/index.ts%23L20"
} }
] ]
}, },
@ -61,7 +63,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This affects all versions of package wincred.\n If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands.\r\nThis is due to use of the child_process exec function without input sanitization.\r\n\r\n\r\n" "value": "This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization."
} }
] ]
}, },