Description
Command Injection in priest-runner
All versions of priest-runner are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to a spawn call, which may allow attackers to execute arbitrary code in the system. The PriestController.prototype.createChild function is vulnerable since the spawn parameters come from a POST request body.
Recommendation
No fix is currently available. Consider using an alternative package until a fix is made available.
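The safe shape for a handler of this kind, as an added example that is not priest-runner's code: the request body selects a job by name from a server-side allowlist and never supplies the executable, free-form arguments, or spawn options. The job names, the `job`/`args` field names, and the `resolveJob`/`runJob` helpers are assumptions made for illustration.

```javascript
// Constructed allowlist: the client picks a job by name, never an executable.
const ALLOWED_JOBS = new Map([
  ['node-version', { command: process.execPath, fixedArgs: ['--version'], maxArgs: 0 }],
  ['list-dir', { command: 'ls', fixedArgs: ['-l', '--'], maxArgs: 1 }],
]);
// Extra arguments: no spaces, slashes or shell metacharacters, no leading '-' or '.'.
const SAFE_ARG = /^[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}$/;

// Turn an untrusted request body into a spawn specification, or throw.
function resolveJob(body) {
  if (body === null || typeof body !== 'object') throw new TypeError('body must be an object');
  const job = typeof body.job === 'string' ? ALLOWED_JOBS.get(body.job) : undefined;
  if (!job) throw new Error('unknown job');
  const extra = body.args === undefined ? [] : body.args;
  if (!Array.isArray(extra) || extra.length > job.maxArgs) throw new Error('bad argument list');
  for (const a of extra) {
    if (typeof a !== 'string' || !SAFE_ARG.test(a)) throw new Error('bad argument');
  }
  // Options are fixed server-side; nothing from the body reaches them.
  return {
    command: job.command,
    args: [...job.fixedArgs, ...extra],
    options: { shell: false, stdio: 'pipe' },
  };
}

// Spawn the resolved job and collect its stdout.
// The dynamic import works from both CommonJS and ES modules.
async function runJob(body) {
  const { command, args, options } = resolveJob(body);
  const { spawn } = await import('node:child_process');
  return new Promise((resolve, reject) => {
    const child = spawn(command, args, options);
    let out = '';
    child.stdout.on('data', (chunk) => { out += chunk; });
    child.on('error', reject);
    child.on('close', (code) => resolve({ code, out }));
  });
}
```

A body that names its own command, passes an argument outside `SAFE_ARG`, or tries to set `shell` is rejected or ignored before `spawn` is reached.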
Packages
Name: priest-runner (npm)
Affected versions: >= 0.0.0
Fixed version: None
Weaknesses
CWE-77