helper-clockmaker (=1.0.3), jasmine-runner (>=0.1.0 <=0.2.9) +1 more potentially affected by CVE-2017-16042 via growl (=1.0.2)

growl NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on growl and may be impacted: - helper-clockmaker =1.0.3 - jasmine-runner =0.1.0, =0.6.2, =0.8.0 Source cves: CVE-2017-16042 Source advisory: OSV:GHSA-QH2H-CHJ9-JFFQ...

UBUNTU-CVE-2017-16042

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...