7 matches found
EUVD-2021-0746
Malware in sbrugna...
OS Command Injection
serial-number is vulnerable to OS command injection. The vulnerability exists as the values of cmdPrefix is improperly handled, allowing it to be passed into the exec function unsanitized...
CVE-2019-10804
serial-number through 1.3.0 allows execution of arbritary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation...
Input validation
serial-number through 1.3.0 allows execution of arbritary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation...
CVE-2019-10804
CVE-2019-10804 affects the Node.js package serial-number (up to version 1.3.0). The vulnerability arises because the cmdPrefix argument passed to serialNumber is used by the exec function without validation, enabling potential OS command injection. Public sources (SNYK, Red Hat, OSV/OSVDEV, NVD) ...
CVE-2019-10804
serial-number through 1.3.0 allows execution of arbritary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation...
Command Injection
Overview serial-number is a simple Node.js module for accessing the serial number a.k.a. Dell Service Tag, asset tag of the local machine. Affected versions of this package are vulnerable to Command Injection. The cmdPrefix argument in serialNumber function is used by the exec function without an...