Back to bug 2060615
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Anten Skrabec | 2022-03-03 23:47:32 UTC | CC | fboucher, hhorak, jorton, ldap-maint, mpitt, nodejs-maint, openstack-sig, pabelanger | |
| Anten Skrabec | 2022-03-03 23:52:58 UTC | Depends On | 2060677, 2060674, 2060673, 2060672, 2060678, 2060676, 2060679, 2060680, 2060671 | |
| Anten Skrabec | 2022-03-03 23:54:48 UTC | Blocks | 2060681 | |
| Mauro Matteo Cascella | 2022-04-01 12:50:32 UTC | CC | epel-packagers-sig, ngompa13 | |
| Mauro Matteo Cascella | 2022-04-01 12:51:02 UTC | Depends On | 2070960 | |
| Mauro Matteo Cascella | 2022-04-01 13:18:50 UTC | Doc Text | A flaw was found in npm-lockfile. npm-lockfile v2 did not sanitize the `only` parameter before invoking sensitive command execution API with the input, leading to a command injection vulnerability. | |
| Product Security DevOps Team | 2022-04-01 13:25:20 UTC | Status | NEW | CLOSED |
| Resolution | --- | NOTABUG | ||
| Last Closed | 2022-04-01 13:25:20 UTC | |||
| RaTasha Tillery-Smith | 2022-04-01 16:23:07 UTC | Doc Text | A flaw was found in npm-lockfile. npm-lockfile v2 did not sanitize the `only` parameter before invoking sensitive command execution API with the input, leading to a command injection vulnerability. | A flaw was found in npm-lockfile, where npm-lockfile v2 did not sanitize the `only` parameter before invoking sensitive command execution API with the input. This issue leads to a command injection vulnerability. |
Back to bug 2060615