Command Injection in soletta-dev-app

2020-09-11T21:08:19
ID GHSA-8MGG-5X65-M4M4
Type github
Reporter GitHub Advisory Database
Modified 2020-09-11T21:08:19

Description

All versions of soletta-dev-app are vulnerable to Command Injection. The package does not validate user input on the /api/service/status API endpoint, passing contents of the service query parameter to an exec call. This may allow attackers to run arbitrary commands in the system.

Recommendation

No fix is currently available. Consider using an alternative module until a fix is made available.