Описание
Command Injection in Limdu
Impact
The trainBatch function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.
Patches
Patched in version 0.9.5.
Workarounds
Do not use trainBatch with classifiers that rely on shell execution, such as SVM Perf, SVM Linear or Adaboost
References
No
Пакеты
Наименование
limdu
npm
Затронутые версииВерсия исправления
<= 0.9.4
0.9.5
Связанные уязвимости
CVSS3: 3.8
nvd
больше 5 лет назад
In Limdu before 0.95, the trainBatch function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. This has been patched in 0.95.