You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Clamscan vulnerable to command injection
High severity
GitHub Reviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Oct 19, 2023
clamscan through 1.2.0 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the _is_clamav_binary function located within Index.js. It should be noted that this vulnerability requires a pre-requisite that a folder should be created with the same command that will be chained to execute. This lowers the risk of this issue.
clamscan through 1.2.0 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the
_is_clamav_binary
function located withinIndex.js
. It should be noted that this vulnerability requires a pre-requisite that a folder should be created with the same command that will be chained to execute. This lowers the risk of this issue.References