CVE-2017-16042

Опубликовано: 04 июн. 2018

Источник: debian

Описание

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
node-growl	fixed	1.10.5-1		package
node-growl	fixed	1.7.0-1+deb9u1	stretch	package

Примечания

Issue: https://github.com/tj/node-growl/issues/60
https://github.com/tj/node-growl/pull/61
https://nodesecurity.io/advisories/146
nodejs not covered by security support

Связанные уязвимости

CVE-2017-16042

CVSS3: 9.8

ubuntu

больше 7 лет назад

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.

CVE-2017-16042

CVSS3: 8.1

redhat

больше 9 лет назад

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.

CVE-2017-16042

CVSS3: 9.8

nvd

больше 7 лет назад

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.

GHSA-qh2h-chj9-jffq

CVSS3: 9.8

github

больше 7 лет назад

Growl before 1.10.0 vulnerable to Command Injection