osv Google OSV:GHSA-W725-67P7-XV22
History: Sep 03, 2020 - 5:05 p.m.

Command Injection in local-devices

2020-09-03 17:05:04
Google
osv.dev
5

Versions of local-devices prior to 3.0.0 are vulnerable to Command Injection. The package does not validate IP address input and concatenates it into an exec call, allowing attackers to run arbitrary commands on the system.
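The pattern described above, next to a hardened form, as an added example (not the local-devices source or its actual fix). The `arp -n` lookup, the function names and the sample inputs are assumptions made for illustration.

```javascript
// Added illustration; not code from the local-devices package.
const net = require('net');
const { execFile } = require('child_process');

// Pattern the advisory describes: caller input is concatenated into a
// string that a shell parses when it is handed to exec().
// The 'arp -n' command is an assumption for this example.
function buildShellCommandUnsafe(ip) {
  return 'arp -n ' + ip;
}

// Hardened step 1: accept only a literal IPv4 or IPv6 address.
function validateIp(ip) {
  if (typeof ip !== 'string' || net.isIP(ip) === 0) {
    throw new TypeError('invalid IP address');
  }
  return ip;
}

// Hardened step 2: build an argument vector for execFile(), which starts
// the program directly so no shell interprets the value.
function buildArgv(ip) {
  return ['-n', validateIp(ip)];
}

// Hypothetical lookup helper combining both steps.
function lookupDevice(ip) {
  return new Promise((resolve, reject) => {
    let argv;
    try {
      argv = buildArgv(ip);
    } catch (err) {
      return reject(err);
    }
    execFile('arp', argv, { timeout: 5000 }, (err, stdout) =>
      err ? reject(err) : resolve(stdout));
  });
}

// Constructed sample inputs: two addresses and two strings that are not addresses.
const SAMPLES = ['192.168.0.10', 'fe80::1', '192.168.0.10; echo INJECTED', '$(echo x)'];

// Reports which inputs the validator would let through.
function classify(inputs) {
  return inputs.map((input) => ({ input, accepted: net.isIP(input) !== 0 }));
}
```

Validation and the argument vector are independent layers: the check rejects anything that is not an address, and `execFile` keeps whatever is passed from ever being parsed by a shell.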

Recommendation

Upgrade to version 3.0.0 or later.

CPE Name Operator Version
local-devices lt 3.0.0