OS Command Injection

extra-asciinema is vulnerable to OS Command Injection. The vulnerability exists as it was possible to execute commands using execFile through upload, uploadSync, recSync, rec...

Node.js third-party modules: [extra-asciinema] Command Injection via insecure command formatting

I would like to report a Command Injection issue in the extra-asciinema module. It allows to execute arbitrary commands on the victim's PC. Module module name: extra-asciinema version: 1.0.5 npm page: https://www.npmjs.com/package/extra-asciinema Module Description asciinema is a terminal screen...