GMS-2020-2

Vulnerable Component Details
Type: npm
Namespace: None
Name: execa
Version: 0.7.0
Package URL: pkg:npm/execa@0.7.0
Vulnerability Details
ID: GMS-2020-2
Description: Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
Recommendation: Upgrade to version 2.0.0 or above.
Ratings
Severity Score Method Vector Source
9.8 CVSSv3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Found By: GitLab Gemnasium
References / Advisories
Weakness Enumeration