BF Specification of CVE-2023-2564 OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0.
-0.png)
//generated//
Missing Code (in '_format(value)') to Denylist Sanitize arrays of strings ((the characters '$', ' ', '#', '\\', or ';')) Entered (via API via '/preview' or '/scan' POST endpoint) in Codebase (packages/server/src/classes/command-builder.js#L21) Local leads to Command Injection ((OS Command Injection))
. If exploited this can lead to ACE (RCE) (everything could be lost).
vendor:product: scanservjs_project:scanservjs |
| Class | Definition |
| DVL | Data Validation (DVL) class – Data are validated (syntax check) or sanitized (escape, filter, repair) improperly. |
| Operation | Definition |
| Sanitize | Sanitize operation – Modify data (neutralize/escape, filter/remove, repair/add symbols) to make it valid (well-formed). |
| Cause/Consequence | Definition |
| Code Bug | Code Bug type – Defect in the implementation of the operation – proper operands over an improper operation. A first cause for the chain of weaknesses underlying a software security vulnerability. Must be fixed to resolve the vulnerability. |
| Missing Code | Missing Code bug - The operation is entirely absent. |
| Injection Final Error | Injection exploitable error type – An exploitable or undefined system behavior caused by 'code separation' data validation bugs. |
| Command Injection | Command Injection exploitable error – Maliciously inserted new commands into the input to a command sent to an OS or a server. |
| Operation Attribute | Definition |
| Mechanism | Mechanism operation attribute type – Shows how the buggy/faulty operation code is performed. |
| Denylist | Denylist operation attribute – The operation is via a policy based on a set of known bad content; helps reject outright maliciously malformed data. |
| Source Code | Source Code operation attribute type – Shows where the operation with the bug or a faulty operand is in the program – in what kind of software. |
| Codebase | Codebase operation attribute – The operation is in the programmer's code - in the application itself. |
| Execution Space | Execution Space operation attribute type – Shows where the buggy/faulty operation code is running or with what privilege level. |
| Local | Local operation attribute – The bugged code runs in an environment with access control policy with limited (local user) permission. |
| Operand Attribute | Definition |
| Data State | Data State operand attribute type operand attribute – Shows where the data come from. |
| Entered | Entered operand attribute – Data are from a user via a user interface (e.g., input field of a dialog or a command prompt). |