26 matches found

Veracode
added 2019/10/02 8:10 a.m., 10 views

Arbitrary Command Injection

Open is vulnerable to arbitrary command injection. It fails to escape malicious user input, which is directly passed to child_process.exec, allowing an attacker to inject and execute arbitrary commands...

4.5 AI score
Exploits: 0

Cvelist
added 2019/05/13 2:21 p.m., 8 views

CVE-2019-12047

Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module can be called to achieve arbitrary code execution, as demonstrated by child_process.exec and the "img src= onerror='evalnew Buffer" substring...

6.3 AI score, 0.00427 EPSS
Exploits: 1, References: 1

Veracode
added 2018/09/03 7:57 a.m., 9 views

Command Injection

samsung-remote is vulnerable to command injection attacks. The library does not properly sanitize the IP address argument before passing it to the child_process.exec function, allowing a malicious user to inject and execute arbitrary code...

7.7 AI score
Exploits: 0

OSV
added 2018/01/02 5:29 p.m., 10 views

CVE-2017-1000451

fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on child_process.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...

7.8 CVSS, 8.2 AI score
Exploits: 0, References: 1

Prion
added 2018/01/02 5:29 p.m., 8 views

Command injection

fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on child_process.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...

4.6 CVSS, 7.9 AI score, 0.00422 EPSS
Exploits: 0, References: 1, Affected Software: 1

Veracode
added 2017/06/06 2:15 a.m., 13 views

Command Injection

pidusage is vulnerable to command injections. Unsanitized input given to child_process.exec resulting in command injection in the ps method. This is caused because the pid is never cast to an integer as it expects. Windows and Linux are not vulnerable but Darwin, SunOS, FreeBSD, and AIX are...

9.8 CVSS, 9.5 AI score, 0.11815 EPSS
Exploits: 1, References: 1, Affected Software: 1