Описание
OS Command Injection in curling
npm package curling before version 1.1.0 is vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization.
Пакеты
Наименование
curling
npm
Затронутые версииВерсия исправления
<= 1.0.0
1.1.0
Связанные уязвимости
CVSS3: 9.8
nvd
около 6 лет назад
All versions of curling.js are vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization.