CNNVD-202601-4848 Information
CNNVD ID
CNNVD-202601-4848
Related CVE
- CNNVD Published: 2026-01-29
Description (Chinese)
Node Version Manager是nvm.sh开源的一个节点版本管理器。 Node Version Manager 0.40.3及之前版本存在安全漏洞,该漏洞源于nvm_download函数使用eval执行wget命令且NVM_AUTH_HEADER环境变量未清理,可能导致命令注入。
Description (English)
Node Version Manager is a nodal version manager for nvm.sh open source. Node Version Manager 0.40.3 and previous versions have a security loophole, which stems from the use of the NVm download function to execute the wget command and the clean-up of the NVM AUTH HEADER environmental variable, which may lead to the injection of the command.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
nvm.sh
Published
2026-01-29
Last Modified
2026-02-24
References
https://github.com/nvm-sh/nvm https://github.com/nvm-sh/nvm/commit/44e2590cdf257faf7d885e4470be8dc66cec9506 https://github.com/nvm-sh/nvm/pull/3380 https://github.com/nvm-sh/nvm/releases/tag/v0.40.4 https://access.redhat.com/security/cve/cve-2026-1665
Patch
https://github.com/nvm-sh/nvm/releases
Share on: