CVE-2019-10800 MEDIUM

CVE-2019-10800: Command Injection

Vendor N/A
Product codecov
Published July 13, 2022
Last update September 16, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

What the vulnerability does

01 Description

This affects the package codecov before 2.0.16. The vulnerability occurs because gcov arguments are not sanitized before being provided to the popen method.

Key dates

02 Disclosure timeline

July 13, 2022 CVE published
September 16, 2024 Record updated