66 matches found
GHSA-G4W6-C99W-4WH7 BrowserStack Local vulnerable to Command Injection through logfile variable
The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js...
BrowserStack Local vulnerable to Command Injection through logfile variable
The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js...
CVE-2025-57283
The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js...
CVE-2025-57283
The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js...
@author.io/karma-base (>=1.0.3 <=1.1.13), @author.io/karma-customelements (>=1.0.0 <=1.1.11) +119 more potentially affected by CVE-2025-57283 via browserstack-local (>=1.5.1 <=1.5.4)
browserstack-local NPM version =1.5.1, =1.0.3, =1.0.0, =0.1.4-git.201705230750, =1.0.0, =1.13.0, =1.0.1, =2.2.0, =0.18.1, =10.1.0, =6.0.0, =2.0.9, =7.4.0, =0.0.3, =0.4.0 and more Source cves: CVE-2025-57283 Source advisory: SNYK:JS-BROWSERSTACKLOCAL-15149317...
CVE-2025-57283
The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js...
EUVD-2025-206491
The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js...
Command Injection
Overview browserstack-local is a Nodejs bindings for BrowserStack Local Affected versions of this package are vulnerable to Command Injection via the logfile variable in lib/Local.js. An attacker can execute arbitrary operating system commands by supplying crafted input to this variable. This is...
CVE-2025-57283
The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js...
PT-2026-5132
Name of the Vulnerable Software and Affected Versions browserstack-local version 1.5.8 Description The Node.js package browserstack-local is affected by a command injection issue. The problem stems from insufficient sanitization of the logfile variable within the lib/Local.js file, potentially...
CVE-2025-57283
Node.js package browserstack-local v1.5.8 contains a command‑injection vulnerability. The logfile variable is not properly sanitized in lib/Local.js, allowing an attacker to cause arbitrary OS commands to execute when the variable is processed. Exploitation is contingent on the attacker’s ability...
Malicious Package
Overview node-js-playwright-browserstack is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...
Malicious code in node-js-playwright-browserstack (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1641207c93032c94f176032bea4a9fc81eecc63bf9340ebc483585378afdb939 Any computer that has this package installed or running should be considered...
MAL-2025-48744 Malicious code in node-js-playwright-browserstack (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1641207c93032c94f176032bea4a9fc81eecc63bf9340ebc483585378afdb939 Any computer that has this package installed or running should be considered...
Malicious code in cucumber-js-browserstack (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c2f1891754984c705408dd02f9fb37660e1d4d84780ad4be25a83910d1eb789d Any computer that has this package installed or running should be considered...
Malicious Package
Overview cucumber-js-browserstack is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2025-47304 Malicious code in cucumber-js-browserstack (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c2f1891754984c705408dd02f9fb37660e1d4d84780ad4be25a83910d1eb789d Any computer that has this package installed or running should be considered...
Malicious code in browserstack-docker-example (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-1842 Malicious code in browserstack-docker-example (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in webdriverio-browserstack (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 558220ecb7cc65dd1c6bd3cb85413d458fb89da42e9ec16e2e1811a252761b15 The OpenSSF Package Analysis project identified 'webdriverio-browserstack' @ 0.2.0 npm as malicious. It is considered malicious because: - The...