Versions of apex-publish-static-files
before 2.0.1 are vulnerable to command injection. This is exploitable if user input is passed into the connectString
option in the publish
method.
Update to version 2.0.1 or later.
CPE | Name | Operator | Version |
---|---|---|---|
apex-publish-static-files | lt | 2.0.1 |