6 matches found
EUVD-2021-0621
Malware in sbrugna...
Improper Neutralization of Special Elements used in a Command
Overview: In madge before version 4.0.1 it is possible to specify a custom Graphviz path via the graphVizPath option parameter, which, when the .image, .svg or .dot functions are called, is executed by the childprocess.exec function. Recommendation: Upgrade to version 4.0.1 or later. References: GitH...
CVE-2021-23352
This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter, which, when the .image, .svg or .dot functions are called, is executed by the childprocess.exec function...
Path traversal
This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter, which, when the .image, .svg or .dot functions are called, is executed by the childprocess.exec function...
madge SQL injection vulnerability
madge is an open source developer tool for generating visual graphs of module dependencies, finding circular dependencies, and providing you with other useful information. A SQL injection vulnerability exists in madge before 4.0.1, which stems from the graphVizPath option parameter specifying a...
OS Command Injection
node-ps is vulnerable to OS command injection. The vulnerability exists because untrusted input passed to childProcess.exec is not validated and sanitized...