The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. The fixed versions are 3.10.2, 4.1.10, and 4.2.1.
CPE | Name | Operator | Version |
---|---|---|---|
powershell_universal | eq | 4.2.0 | |
powershell_universal | ge | 4.1.0 | |
powershell_universal | lt | 4.1.10 | |
powershell_universal | ge | 3.0.0 | |
powershell_universal | lt | 3.10.2 |