CVE Vulnerabilities

CVE-2022-25962

Published: Jan 26, 2023 | Modified: Aug 08, 2023
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

All versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function due to improper input sanitization.

Affected Software

Name Vendor Start Version End Version
Vagrant.js Vagrant.js_project * *

References