CVE-2020-7597

Published: Feb 17, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596.

Vendor	Product	Versions
n/a	codecov npm module	affected `All versions prior to version 3.6.5`

References

https://github.com/codecov/codecov-node/commit/02cf13d8b93ac547b5b4c2cfe186b7d874fd234f

x_refsource_MISC

https://snyk.io/vuln/SNYK-JS-CODECOV-548879

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-7597

Description

Affected Products

References