Skip to main content

Blamer

2 CVEs product

Monthly

CVE-2023-26143 npm CRITICAL POC PATCH Act Now

Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile() API. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Blamer
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2020-8137 npm CRITICAL POC PATCH Act Now

Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Blamer
NVD
CVSS 3.1
9.8
EPSS
4.2%
EPSS 1% CVSS 9.1
CRITICAL POC PATCH Act Now

Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile() API. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Blamer
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Blamer
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy