GHSA-j9f8-8h89-j69x

Опубликовано: 11 июн. 2019

Источник: github

Github: Прошло ревью

CVSS3: 7.3

Описание

Remote Code Execution in node-os-utils

Versions of node-os-utils prior to 1.1.0 are vulnerable to Remote Code Execution. Due to insufficient input validation an attacker could run arbitrary commands on the server thus rendering the package vulnerable to Remote Code Execution.

Recommendation

Upgrade to version 1.1.0 or later.

Ссылки

https://github.com/SunilWang/node-os-utils/issues/2
https://snyk.io/vuln/SNYK-JS-NODEOSUTILS-173696
https://www.npmjs.com/advisories/784

Пакеты

Наименование

node-os-utils

npm

Затронутые версииВерсия исправления

< 1.1.0

1.1.0

7.3 High

CVSS3

Дефекты

CWE-94

7.3 High

CVSS3

Дефекты

CWE-94