4 matches found
electron-staff (=1.0.0), https-curl (=1.7.9) +2 more potentially affected by CVE-2025-55294 via screenshot-desktop (>=0.0.0-development <=1.15.1)
screenshot-desktop NPM version =0.0.0-development, =1.0.0, =1.0.1 Source cves: CVE-2025-55294 Source advisory: OSV:GHSA-GJX4-2C7G-FM94...
https-curl (=1.7.9), multi-installer (=0.0.1) +1 more potentially affected by CVE-2025-55294 via screenshot-desktop (>=1.15.0 <=1.15.1)
screenshot-desktop NPM version =1.15.0, =1.0.0, =1.0.1 Source cves: CVE-2025-55294 Source advisory: SNYK:JS-SCREENSHOTDESKTOP-12028632...
CVE-2025-55294
screenshot-desktop allows capturing a screenshot of your local machine. This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. This results in arbitrary...
CVE-2025-55294
The CVE-2025-55294 issue affects the screenshot-desktop package. The vulnerability stems from the format option in the Snapshot function, where user-controlled input is interpolated into a shell command without sanitization, enabling arbitrary command execution with the caller’s privileges. Repor...