Lucene search

K
nodejsDouglas HallNODEJS:734
HistoryNov 07, 2018 - 10:21 p.m.

Command Injection

2018-11-0722:21:37
Douglas Hall
www.npmjs.com
8
samsung-remote
command injection
vulnerability
update
hackerone
node.js
github advisory

Overview

Versions of samsung-remote before 1.3.5 are vulnerable to command injection. This vulnerability is exploitable if user input is passed into the ip option of the package constructor.

Recommendation

Update to version 1.3.5 or later.

References

Affected configurations

Vulners
Node
samsung-remoteRange<1.3.5
VendorProductVersionCPE
*samsung-remote*cpe:2.3:a:*:samsung-remote:*:*:*:*:*:*:*:*