GHSA-j6v9-xgvh-f796

Опубликовано: 11 сент. 2020

Источник: github

Github: Прошло ревью

Описание

Command Injection in wxchangba

All versions of wxchangba are vulnerable to Command Injection. The package does not validate user input on the reqPostMaterial function, passing contents of the file parameter to an exec call. This may allow attackers to run arbitrary commands in the system.

Recommendation

No fix is currently available. Consider using an alternative module until a fix is made available.

Ссылки

https://www.npmjs.com/advisories/960

Пакеты

Наименование

wxchangba

npm

Затронутые версииВерсия исправления

>= 0.0.0

Отсутствует

Дефекты

CWE-77

Дефекты

CWE-77