3 matches found
CVE-2019-15597
An RCE attack was found in node-df, allowing an attacker to inject code via unsanitized input. The issue occurs because user input is concatenated inside a command that will be executed without verification...
CVE-2019-15597
A code injection exists in node-df v0.1.4 that can allow an attacker to remote code execution by unsanitized input...
CVE-2019-15597
CVE-2019-15597 affects the Node.js wrapper package node-df (v0.1.4). The root cause is unsanitized user input being concatenated into a shell command that is executed, enabling an attacker to perform remote code execution (RCE). Several sources explicitly state that all versions are vulnerable du...