Описание
OS Command Injection in compile-sass
compile-sass prior to 1.0.5 allows execution of arbritary commands. The function "setupCleanupOnExit(cssPath)" within "dist/index.js" is executed as part of the "rm" command without any sanitization.
Пакеты
Наименование
compile-sass
npm
Затронутые версииВерсия исправления
< 1.0.5
1.0.5
Связанные уязвимости
CVSS3: 8.2
nvd
почти 6 лет назад
compile-sass prior to 1.0.5 allows execution of arbritary commands. The function "setupCleanupOnExit(cssPath)" within "dist/index.js" is executed as part of the "rm" command without any sanitization.