Описание
Command Injection in entitlements
Versions of entitlements prior to 1.3.0 are vulnerable to Command Injection. The package does not validate input on the entitlements function and concatenates it to an exec call, allowing attackers to run arbitrary commands in the system.
Recommendation
Upgrade to version 1.3.0 or later.
Пакеты
Наименование
entitlements
npm
Затронутые версииВерсия исправления
< 1.3.0
1.3.0
Дефекты
CWE-77
Дефекты
CWE-77