Описание
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Mobile Application Platform 4 | nodejs-growl | Not affected | ||
| Red Hat Virtualization 4 | ovirt-engine-dashboard | Not affected | ||
| Red Hat Virtualization 4 | ovirt-engine-ui-extensions | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Important
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1585953nodejs-growl: Does not properly sanitize input before passing it to exec
EPSS
Процентиль: 57%
0.00349
Низкий
8.1 High
CVSS3
Связанные уязвимости
CVSS3: 9.8
ubuntu
больше 7 лет назад
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.
CVSS3: 9.8
nvd
больше 7 лет назад
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.
CVSS3: 9.8
debian
больше 7 лет назад
Growl adds growl notification support to nodejs. Growl before 1.10.2 d ...
CVSS3: 9.8
github
больше 7 лет назад
Growl before 1.10.0 vulnerable to Command Injection
EPSS
Процентиль: 57%
0.00349
Низкий
8.1 High
CVSS3