npm package
codecov
pkg:npm/codecov
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-15123 | — | < 3.7.1 | 3.7.1 | Jul 20, 2020 | In codecov (npm package) before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE (CVE-2020-7597 for GHSA-5 | ||
| CVE-2020-7597 | — | < 3.6.5 | 3.6.5 | Feb 17, 2020 | codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596. | ||
| CVE-2020-7596 | — | < 3.6.2 | 3.6.2 | Jan 25, 2020 | Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument. |
- CVE-2020-15123Jul 20, 2020affected < 3.7.1fixed 3.7.1
In codecov (npm package) before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE (CVE-2020-7597 for GHSA-5
- CVE-2020-7597Feb 17, 2020affected < 3.6.5fixed 3.6.5
codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596.
- CVE-2020-7596Jan 25, 2020affected < 3.6.2fixed 3.6.2
Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument.