GHSA-qh2h-chj9-jffq

Опубликовано: 08 июн. 2018

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Growl before 1.10.0 vulnerable to Command Injection

Affected versions of growl do not properly sanitize input prior to passing it into a shell command, allowing for arbitrary command execution.

Recommendation

Update to version 1.10.0 or later.

Ссылки

Пакеты

Наименование

growl

npm

Затронутые версииВерсия исправления

< 1.10.0

1.10.0

EPSS

Процентиль: 57%

0.00349

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2017-16042

Дефекты

CWE-78

CWE-94

Связанные уязвимости

CVE-2017-16042

CVSS3: 9.8

ubuntu

больше 7 лет назад

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.

CVE-2017-16042

CVSS3: 8.1

redhat

больше 9 лет назад

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.

CVE-2017-16042

CVSS3: 9.8

nvd

больше 7 лет назад

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.

CVE-2017-16042

CVSS3: 9.8

debian

больше 7 лет назад

Growl adds growl notification support to nodejs. Growl before 1.10.2 d ...

EPSS

Процентиль: 57%

0.00349

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2017-16042

Дефекты

CWE-78

CWE-94