Описание
Command Injection in umount
All versions of umount are vulnerable to Command Injection. The package fails to sanitize input rules and passes it directly to an exec call on the umount function . This may allow attackers to execute arbitrary code in the system if the device value passed to the function is user-controlled.
Recommendation
No fix is currently available. Consider using an alternative package until a fix is made available.
Пакеты
Наименование
umount
npm
Затронутые версииВерсия исправления
<= 1.1.6
Отсутствует
Связанные уязвимости
CVSS3: 9.8
nvd
почти 6 лет назад
umount through 1.1.6 is vulnerable to Command Injection. The argument device can be controlled by users without any sanitization.
CVSS3: 6.5
fstec
почти 6 лет назад
Уязвимость функции exec модуля umount пакетного менеджера NPM, позволяющая нарушителю выполнить произвольные команды