9 matches found
CVE-2020-7603
closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options" of the exports function in "index.js" can be controlled by users without any sanitization...
OS Command Injection in closure-compiler-stream
closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument options of the exports function in index.js can be controlled by users without any sanitization...
GHSA-M647-5WF9-3JP3 OS Command Injection in closure-compiler-stream
closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument options of the exports function in index.js can be controlled by users without any sanitization...
OS Command Injection
closure-compiler-stream is vulnerable to OS command injection. The args options are passed to the exec function without any validation and sanitization, allowing an attacker to inject and execute arbitrary OS commands...
closure-compiler-stream injection vulnerability
closure-compiler-stream is a stream interface to a closure compiler. A security vulnerability exists in closure-compiler-stream version 0.1.15 and earlier, which stems from the program failing to perform any cleanup operations on the user-controllable 'options' parameter. An attacker could use th...
CVE-2020-7603
closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options" of the exports function in "index.js" can be controlled by users without any sanitization...
CVE-2020-7603
closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options" of the exports function in "index.js" can be controlled by users without any sanitization...
CVE-2020-7603
CVE-2020-7603 affects the Node.js module closure-compiler-stream (version 0.1.15 and earlier). The root cause is that the argument module’s exports function options parameter in index.js is controllable by users without sanitization, enabling arbitrary command execution. Multiple sources corrobor...
Command Injection
Overview closure-compiler-stream is a Streaming interface for closure compiler. Affected versions of this package are vulnerable to Command Injection. The argument options of the exports function in index.js can be controlled by users without any sanitization. PoC var root =...