CVE-2023-2564

Published: May 7, 2023Modified: Jun 17, 2026

10.0

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 6.0

Source: NVD

Description

OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0.

Affected (1)

Products: Scanservjs Project: Scanservjs

Scanservjs Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Scanservjs Project Scanservjs	Before 2.27.0

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

https://github.com/sbs20/scanservjs/pull/606/commits/d51fd52c1569813990b8f74e64ae6979c665dca1

Source: security@huntr.dev

Patch

https://huntr.dev/bounties/d13113ad-a107-416b-acc1-01e4c16ec461

Source: security@huntr.dev

ExploitThird Party Advisory

https://github.com/sbs20/scanservjs/pull/606/commits/d51fd52c1569813990b8f74e64ae6979c665dca1

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://huntr.dev/bounties/d13113ad-a107-416b-acc1-01e4c16ec461

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.