Critical severity9.8NVD Advisory· Published Jan 8, 2020· Updated Jun 17, 2026
CVE-2019-10777
CVE-2019-10777
Description
In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject arbitrary commands to the "zipCmd" used within "config.FunctionName".
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
aws-lambdanpm | < 1.0.5 | 1.0.5 |
Affected products
2- aws-lambda/aws-lambdadescription
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-934x-72xh-5hrgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-10777ghsaADVISORY
- snyk.io/vuln/SNYK-JS-AWSLAMBDA-540839nvdThird Party AdvisoryWEB
News mentions
0No linked articles in our index yet.