Unsanitized Gcov Arguments in Codecov Package (CVE-XXXX-XXXX)

Unsanitized Gcov Arguments in Codecov Package (CVE-XXXX-XXXX)

CVE-2019-10800 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being being provided to the popen method.

Learn more about our Web Application Penetration Testing UK.