Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2022-21191
Modified
More InfoOfficial Page
Source-report@snyk.io
View Known Exploited Vulnerability (KEV) details
Published At-13 Jan, 2023 | 05:15
Updated At-04 Apr, 2025 | 15:15

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.4HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
global-modules-path_project
global-modules-path_project
>>global-modules-path>>Versions before 3.0.0(exclusive)
cpe:2.3:a:global-modules-path_project:global-modules-path:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Secondaryreport@snyk.io
NVD-CWE-OtherPrimarynvd@nist.gov
CWE-77Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-78
Type: Secondary
Source: report@snyk.io
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-77
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/lorenzomigliorero/npm-node-utils/blob/b55dd81c597db657c9751332bb2242403fd3e26b/index.js%23L186report@snyk.io
Broken Link
Third Party Advisory
https://github.com/rosen-vladimirov/global-modules-path/commit/edbdaff077ea0cf295b1469923c06bbccad3c180report@snyk.io
Patch
Third Party Advisory
https://github.com/rosen-vladimirov/global-modules-path/releases/tag/v3.0.0report@snyk.io
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-GLOBALMODULESPATH-3167973report@snyk.io
Third Party Advisory
https://github.com/lorenzomigliorero/npm-node-utils/blob/b55dd81c597db657c9751332bb2242403fd3e26b/index.js%23L186af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
https://github.com/rosen-vladimirov/global-modules-path/commit/edbdaff077ea0cf295b1469923c06bbccad3c180af854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
https://github.com/rosen-vladimirov/global-modules-path/releases/tag/v3.0.0af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-GLOBALMODULESPATH-3167973af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://github.com/lorenzomigliorero/npm-node-utils/blob/b55dd81c597db657c9751332bb2242403fd3e26b/index.js%23L186
Source: report@snyk.io
Resource:
Broken Link
Third Party Advisory
Hyperlink: https://github.com/rosen-vladimirov/global-modules-path/commit/edbdaff077ea0cf295b1469923c06bbccad3c180
Source: report@snyk.io
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/rosen-vladimirov/global-modules-path/releases/tag/v3.0.0
Source: report@snyk.io
Resource:
Third Party Advisory
Hyperlink: https://security.snyk.io/vuln/SNYK-JS-GLOBALMODULESPATH-3167973
Source: report@snyk.io
Resource:
Third Party Advisory
Hyperlink: https://github.com/lorenzomigliorero/npm-node-utils/blob/b55dd81c597db657c9751332bb2242403fd3e26b/index.js%23L186
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
Hyperlink: https://github.com/rosen-vladimirov/global-modules-path/commit/edbdaff077ea0cf295b1469923c06bbccad3c180
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/rosen-vladimirov/global-modules-path/releases/tag/v3.0.0
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://security.snyk.io/vuln/SNYK-JS-GLOBALMODULESPATH-3167973
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Change History
0Changes found
Details not found