Описание
Command Injection in apex-publish-static-files
Versions of apex-publish-static-files before 2.0.1 are vulnerable to command injection. This is exploitable if user input is passed into the connectString option in the publish method.
Recommendation
Update to version 2.0.1 or later.
Пакеты
Наименование
apex-publish-static-files
npm
Затронутые версииВерсия исправления
< 2.0.1
2.0.1
Связанные уязвимости
CVSS3: 10
nvd
больше 7 лет назад
A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument.