Affected versions of the console-io
package do not configure the underlying websocket library to require authentication, resulting in an authentication bypass vulnerability. As console-io
allows terminal access on the server via a web page, an authentication bypass is essentially remote code execution.
Update to version 2.3.0 or later.
CPE | Name | Operator | Version |
---|---|---|---|
console-io | lt | 2.3.0 |