@hoppscotch/cli@0.6.0 vulnerabilities

A CLI to run Hoppscotch test scripts in CI environments.

Direct Vulnerabilities

Known vulnerabilities in the @hoppscotch/cli package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Arbitrary Command Injection
Severity: High

@hoppscotch/cli is a CLI to run Hoppscotch test scripts in CI environments.

Affected versions of this package are vulnerable to Arbitrary Command Injection due to improper handling of user-supplied input in the vm module context used to run scripts. An attacker can execute arbitrary system commands on the victim's machine by crafting a malicious pre-request script that escapes the sandbox environment.

Note

This is only exploitable if the victim downloads and runs a malicious Hoppscotch collection with the CLI tool.

How to fix Arbitrary Command Injection?

Upgrade @hoppscotch/cli to version 0.8.0 or higher.

Vulnerable version: <0.8.0