Описание
Command Injection in jison
Withdrawn: This vulnerability is not present in the released npm package. Rather the vulnerable code is part of the repo, but not part of the package. See linked hackerone report for more details.
Insufficient input validation in npm package jison <= 0.4.18 may lead to OS command injection attacks.
Пакеты
Наименование
jison
npm
Затронутые версииВерсия исправления
<= 0.4.18
Отсутствует
Связанные уязвимости
CVSS3: 9.8
ubuntu
больше 5 лет назад
Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks.
CVSS3: 9.8
nvd
больше 5 лет назад
Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks.
CVSS3: 9.8
debian
больше 5 лет назад
Insufficient input validation in npm package `jison` <= 0.4.18 may lea ...