GHSA-xhjx-mfr6-9rr4

Опубликовано: 01 сент. 2020

Источник: github

Github: Прошло ревью

Описание

Command Injection in samsung-remote

Versions of samsung-remote before 1.3.5 are vulnerable to command injection. This vulnerability is exploitable if user input is passed into the ip option of the package constructor.

Recommendation

Update to version 1.3.5 or later.

Ссылки

https://hackerone.com/reports/394294
https://github.com/nodejs/security-wg/blob/master/vuln/npm/465.json
https://www.npmjs.com/advisories/734

Пакеты

Наименование

samsung-remote

npm

Затронутые версииВерсия исправления

< 1.3.5

1.3.5

Дефекты

CWE-77

Дефекты

CWE-77