2 matches found
apex-frontend-boost (>=3.1.0 <=3.1.4), apex-nitro (>=4.0.0 <=4.0.0-beta.5) potentially affected by CVE-2018-16462 via apex-publish-static-files (=1.0.8)
apex-publish-static-files NPM version =1.0.8 is affected by a known vulnerability. The following packages have a transitive dependency on apex-publish-static-files and may be impacted: - apex-frontend-boost =3.1.0, =4.0.0, =4.0.0-beta.5 Source cves: CVE-2018-16462 Source advisory:...
CVE-2018-16462
The CVE-2018-16462 entry concerns the npm package apex-publish-static-files. Affected versions are those before 2.0.1, where user-supplied input can trigger a command injection, enabling arbitrary shell command execution. Several connected sources corroborate this: the NVD entry describes a comma...