Base Score

CRITICAL10

CVE-2018-16462

A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument.

VectorNETWORK

Published Bysupport@hackerone.com

Published DateOct 30, 2018, 21:29

Affected Versions(1)

apex-publish-static-files(npm)

Introduced0

Fixed2.0.1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
apex-publish-static-files(npm)	0	2.0.1	N/A

Weakness Type (CWE):CWE-78

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

https://hackerone.com/reports/405694

Base Score

CRITICAL10

Weakness Type (CWE):CWE-78

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH