Version of windows-cpu
before 0.1.5 will execute arbitrary code passed into the first argument of the findLoad
method, resulting in remote code execution.
var win = require('windows-cpu');
wind.findLoad('foo & calc.exe');
Update to version 0.1.5 or later.
CPE | Name | Operator | Version |
---|---|---|---|
windows-cpu | lt | 0.1.5 |