Описание
Command Injection in nuance-gulp-build-common
All versions of package nuance-gulp-build-common are vulnerable to Command Injection via the index.js file.
PoC:
var a = require("nuance-gulp-build-common")
a.run("touch JHU")
Пакеты
Наименование
nuance-gulp-build-common
npm
Затронутые версииВерсия исправления
<= 0.0.1
Отсутствует
Связанные уязвимости
nvd
почти 5 лет назад
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none