Lucene search

K
githubGitHub Advisory DatabaseGHSA-XMXH-G7WJ-8M4M
HistoryApr 13, 2021 - 3:32 p.m.

OS Command Injection in curling

2021-04-1315:32:26
CWE-78
GitHub Advisory Database
github.com
32

0.268 Low

EPSS

Percentile

96.7%

npm package curling before version 1.1.0 is vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization.

CPENameOperatorVersion
curlingle1.0.0

0.268 Low

EPSS

Percentile

96.7%

Related for GHSA-XMXH-G7WJ-8M4M