{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T19:07:27.661","vulnerabilities":[{"cve":{"id":"CVE-2019-10777","sourceIdentifier":"report@snyk.io","published":"2020-01-08T17:15:10.977","lastModified":"2024-11-21T04:19:54.093","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In aws-lambda versions prior to version 1.0.5, the \"config.FunctioName\" is used to construct the argument used within the \"exec\" function without any sanitization. It is possible for a user to inject arbitrary commands to the \"zipCmd\" used within \"config.FunctionName\"."},{"lang":"es","value":"En aws-lambda versiones anteriores a la versión  1.0.5, el \"config.FunctioName\" es usado para construir el argumento utilizado dentro de la función \"exec\" sin ningún saneamiento. Es posible que un usuario inyecte comandos arbitrarios en el \"zipCmd\" usado dentro de \"config.FunctionName\"."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:amazon:aws_lambda:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.5","matchCriteriaId":"2FED6498-8210-4EA6-8B8F-F57332D6188D"}]}]}],"references":[{"url":"https://snyk.io/vuln/SNYK-JS-AWSLAMBDA-540839","source":"report@snyk.io","tags":["Third Party Advisory"]},{"url":"https://snyk.io/vuln/SNYK-JS-AWSLAMBDA-540839","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}