3 matches found
helper-clockmaker (=1.0.3), jasmine-runner (>=0.1.0 <=0.2.9) +1 more potentially affected by CVE-2017-16042 via growl (=1.0.2)
growl NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on growl and may be impacted:
- helper-clockmaker =1.0.3
- jasmine-runner =0.1.0, =0.6.2, =0.8.0
Source cves: CVE-2017-16042
Source advisory: OSV:GHSA-QH2H-CHJ9-JFFQ...
CVE-2017-16042
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...
CVE-2017-16042
The CVE-2017-16042 entry concerns Growl for Node.js. Affected: growl prior to version 1.10.2. Root cause: input is not properly sanitized before being passed to exec, enabling arbitrary command execution. Impact: remote command execution via crafted input in the Growl integration for nodejs. Expl...