12 matches found
CVE-2020-7602
node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand" is called by "getDevices" function in file "linux/manager.js", which is required by the "index. process.env.NMCLI" in the file "linux/manager.js". This function is used to construct the argument of function...
EUVD-2021-1055
Malware in sbrugna...
sulu-file-system-view-prompt-here (>=1.0.2 <=1.0.4) potentially affected by CVE-2020-7602 via node-prompt-here (=1.0.1)
node-prompt-here NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on node-prompt-here and may be impacted: - sulu-file-system-view-prompt-here =1.0.2, =1.0.4 Source cves: CVE-2020-7602 Source advisory: OSV:GHSA-F8FH-8RGM-227H...
OS Command Injection in node-prompt-here
node-prompt-here through 1.0.1 allows execution of arbitrary commands. The runCommand is called by getDevices function in file linux/manager.js, which is required by the index. process.env.NMCLI in the file linux/manager.js. This function is used to construct the argument of function execSync,...
GHSA-F8FH-8RGM-227H OS Command Injection in node-prompt-here
node-prompt-here through 1.0.1 allows execution of arbitrary commands. The runCommand is called by getDevices function in file linux/manager.js, which is required by the index. process.env.NMCLI in the file linux/manager.js. This function is used to construct the argument of function execSync,...
node-prompt-here injection vulnerability
node-prompt-here is a package for opening a console window in a given directory. A security vulnerability exists in node-prompt-here 1.0.1 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary commands...
CVE-2020-7602
node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand" is called by "getDevices" function in file "linux/manager.js", which is required by the "index. process.env.NMCLI" in the file "linux/manager.js". This function is used to construct the argument of function...
CVE-2020-7602
node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand" is called by "getDevices" function in file "linux/manager.js", which is required by the "index. process.env.NMCLI" in the file "linux/manager.js". This function is used to construct the argument of function...
CVE-2020-7602
node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand" is called by "getDevices" function in file "linux/manager.js", which is required by the "index. process.env.NMCLI" in the file "linux/manager.js". This function is used to construct the argument of function...
CVE-2020-7602
CVE-2020-7602 relates to node-prompt-here up to version 1.0.1 where the runCommand() in linux/manager.js is invoked by getDevices(), which is tied to index.process.env.NM_CLI. The argument to execSync() is constructed unsafely and controllable by users, enabling arbitrary command execution (OS co...
sulu-file-system-view-prompt-here (>=1.0.2 <=1.0.4) potentially affected by CVE-2020-7602 via node-prompt-here (=1.0.1)
node-prompt-here NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on node-prompt-here and may be impacted: - sulu-file-system-view-prompt-here =1.0.2, =1.0.4 Source cves: CVE-2020-7602 Source advisory: SNYK:JS-NODEPROMPTHERE-560115...
Command Injection
Overview node-prompt-here is a package to open a console window at given absolute directory. Affected versions of this package are vulnerable to Command Injection. The runCommand is called by getDevices function in file linux/manager.js, which is required by the index. process.env.NMCLI in the fi...