2 matches found
alfred-material-manager (>=1.0.0 <=1.0.5) potentially affected by unknown CVE via alfred-workflow-nodejs (=2.0.4)
alfred-workflow-nodejs NPM version =2.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on alfred-workflow-nodejs and may be impacted: - alfred-material-manager =1.0.0, =1.0.5 Source cves: unknown CVE Source advisory: SNYK:JS-ALFREDWORKFLOWNODEJS-608975...
Command Injection
Overview alfred-workflow-nodejs is an Alfred workflow nodejs module Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands by using a semicolon char in any of the key values. PoC var AlfredNode = require'alfred-workflow-nodejs'; var util...