blamer
npm · 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting blamer (page 1 of 1)
- CVE-2019-10807 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 1.0.1 | 2020-03-11
Blamer versions prior to 1.0.1 allow execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer.
- CVE-2020-8137 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 1.0.1 | 2020-03-20
Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker.
- CVE-2023-26143 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 1.0.4 | 2023-09-19
Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile() API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it p…