Homepage

@hoppscotch/cli@0.3.1 vulnerabilities

A CLI to run Hoppscotch test scripts in CI environments.

  • latest version

    0.20.1

  • latest non vulnerable version

    0.20.1

  • first published

    2 years ago

  • latest version published

    14 days ago

  • licenses detected

  • View cli package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the @hoppscotch/cli package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Arbitrary Command Injection

    @hoppscotch/cli is an A CLI to run Hoppscotch test scripts in CI environments.

    Affected versions of this package are vulnerable to Arbitrary Command Injection due to the improper handling of user-supplied input in the vm module context. An attacker can execute arbitrary system commands on the victim's machine by crafting a malicious pre-request script that escapes the sandbox environment.

    Note

    This is only exploitable if the victim downloads and runs a malicious Hoppscotch collection with the CLI tool.

    How to fix Arbitrary Command Injection?

    Upgrade @hoppscotch/cli to version 0.8.0 or higher.

    <0.8.0
    Go back to all versions of this package