Описание
Command Injection in addax
Versions of addax prior to 1.1.0 are vulnerable to Command Injection. The package does not validate user input on the presignPath function which receives input directly from the API endpoint. Exploiting the vulnerability requires authentication. This may allow attackers to run arbitrary commands in the system.
Recommendation
Upgrade to version 1.1.0 or later.
Пакеты
Наименование
addax
npm
Затронутые версииВерсия исправления
< 1.1.0
1.1.0
Дефекты
CWE-77
Дефекты
CWE-77