{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T04:38:22.235","vulnerabilities":[{"cve":{"id":"CVE-2023-40582","sourceIdentifier":"security-advisories@github.com","published":"2023-08-30T18:15:09.783","lastModified":"2024-11-21T08:19:45.630","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This issue has been addressed in version 1.0.3. users are advised to upgrade. Users unable to upgrade should ensure that all input passed to find-exec comes from a trusted source."},{"lang":"es","value":"find-exec es una utilidad para descubrir comandos de shell disponibles. Las versiones anteriores a la 1.0.3 no escapaban correctamente la entrada del usuario y son vulnerables a la inyección de comandos a través de un parámetro controlado por un atacante. Como resultado, los atacantes pueden ejecutar comandos de shell maliciosos en el contexto del proceso en ejecución. Este problema ha sido abordado en la versión 1.0.3. Se aconseja a los usuarios actualizar. Los usuarios que no puedan actualizar deben asegurarse de que toda la entrada pasada a find-exec provenga de una fuente confiable."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:find-exec_project:find-exec:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.0.3","matchCriteriaId":"9D212061-F058-4CB9-A96E-23856D97B658"}]}]}],"references":[{"url":"https://github.com/shime/find-exec/commit/74fb108097c229b03d6dba4cce81e36aa364b51c","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/shime/find-exec/security/advisories/GHSA-95rp-6gqp-6622","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/shime/find-exec/commit/74fb108097c229b03d6dba4cce81e36aa364b51c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/shime/find-exec/security/advisories/GHSA-95rp-6gqp-6622","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}