Home > Vulnerability Database > CVE-2018-3786

Mend.io Vulnerability Database

CVE-2018-3786

Good to know:

Date: August 18, 2018

A command injection vulnerability in egg-scripts <v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument.

Language: JS

Severity Score

9.8

Related Resources (8)

Url: https://www.npmjs.com/advisories/694

Url: https://github.com/eggjs/egg-scripts/blob/2.8.1/History.md

Url: https://hackerone.com/reports/388936

Url: https://github.com/advisories/GHSA-c9j3-wqph-5xx9

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-3786

Url: https://github.com/eggjs/egg-scripts/pull/26

Url: https://github.com/eggjs/egg-scripts/commit/b98fd03d1e3aaed68004b881f0b3d42fe47341dd

Url: https://www.mend.io/vulnerability-database/CVE-2018-3786

Severity Score

9.8

Weakness Type (CWE)

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-77

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-78

Top Fix

Upgrade Version

Upgrade to version egg-scripts - 2.8.1

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	10.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-3786

Good to know:

Date: August 18, 2018

Language: JS

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?