GHSA-FM76-W8JW-XF8M @saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source
Summary: When creating a new plugin using the git source, the user-controlled value req.body.name is used to build the plugin directory into which the location will be cloned. The API used to execute the git clone command with the user-controlled data is child_process.execSync. Since the user-controlled...
Tmp files readable by other users in sync-exec
Affected versions of sync-exec use files located in /tmp/ to buffer command results before returning values. As /tmp/ is almost always set with world readable permissions, this may allow low privilege users on the system to read the results of commands run via sync-exec under a higher privilege...