NuProcess is a low-overhead, non-blocking I/O, external process implementation of Java from Brett Wooldridge’s personal developer. NuProcess 1.2.0 and later, and versions prior to 2.0.5, are vulnerable to command injection, which stems from the failure of a network system or product to properly filter the user’s input during the execution of a constructed command. special characters, commands, etc. An attacker could exploit the vulnerability by using NUL characters in their strings to perform command line injection.
CPE | Name | Operator | Version |
---|---|---|---|
brett wooldridge nuprocess >=1.2.0, | lt | 2.0.5 |