Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package codecov, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2020-15123 — CVSS 9.3 (critical): In codecov (npm package) before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library…
CVE-2020-7596 — CVSS 8.8 (high): Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument.
CVE-2020-7597 — CVSS 8.8 (high): codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root…