Описание
Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| node-jison | not-affected | package |
Примечания
https://hackerone.com/reports/690010
ports/ is stripped/excluded in the src:node-jison source package.
Связанные уязвимости
CVSS3: 9.8
ubuntu
больше 5 лет назад
Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks.
CVSS3: 9.8
nvd
больше 5 лет назад
Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks.
