Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-W725-67P7-XV22
HistorySep 03, 2020 - 5:05 p.m.

Command Injection in local-devices

2020-09-0317:05:04
Google
osv.dev
5
JSON

Versions of local-devices prior to 3.0.0 are vulnerable to Command Injection. The package does not validate input on ip addresses and concatenates it to an exec call, allowing attackers to run arbitrary commands in the system.

Recommendation

Upgrade to version 3.0.0 or later.

JSON