-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability involves code injection leading to RCE when processing user input. In Node.js packages, this typically occurs when user input is passed to command execution functions like child_process.exec without proper sanitization. The blamer package's core functionality involves executing git commands, making Blamer.getBlame the most probable location where user input would be incorporated into system commands. The medium confidence reflects the lack of direct patch access, but aligns with the described vulnerability pattern and npm ecosystem practices.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| blamer | npm | <= 1.0.0 | 1.0.1 |
JavaScriptJavaScriptOngoing coverage of React2Shell