CVE-2020-7627

node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute' function...

EUVD-2022-0824

Malicious code in bioql PyPI...

GHSA-4XRW-WVMQ-8JMH OS Command Injection in node-key-sender

node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute' function...

@bionicmetrics/bionic (>=1.2.0 <=1.3.6), @smoosee/wakemeup (>=1.0.9 <=1.20.0) +7 more potentially affected by CVE-2020-7627 via node-key-sender (=1.0.11)

node-key-sender NPM version =1.0.11 is affected by a known vulnerability. The following packages have a transitive dependency on node-key-sender and may be impacted: - @bionicmetrics/bionic =1.2.0, =1.0.9, =1.5.0, =0.0.1, =1.0.0, =1.0.5, =1.2.1, =1.1.0, =2.2.0 Source cves: CVE-2020-7627 Source...

OS Command Injection in node-key-sender

node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute' function...

OS Command Injection

node-key-sender is vulnerable to OS command injection. The vulnerability exists through the unsanitized value of arrParams used in exec...

node-key-sender command injection vulnerability

node-key-sender is a module that sends keyboard events to the operating system. A command injection vulnerability exists in node-key-sender 1.0.11 and earlier. An attacker can exploit this vulnerability to execute arbitrary commands via the 'arrParams' parameter in the 'execute' function...

CVE-2020-7627

node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute' function...

CVE-2020-7627

node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute' function...

Command injection

node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute' function...

CVE-2020-7627

The CVE refers to the npm module node-key-sender (versions up to 1.0.11 and earlier). The root cause is a Command Injection in the function that uses the arrParams argument of the execute() method, allowing execution of arbitrary commands. Multiple connected sources (Red Hat, Snyk, Veracode, CNVD...

CVE-2020-7627

node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute' function...

@bionicmetrics/bionic (>=1.2.0 <=1.3.6), @smoosee/wakemeup (>=1.0.9 <=1.20.0) +8 more potentially affected by CVE-2020-7627 via node-key-sender (>=1.0.11 <=1.0.9)

node-key-sender NPM version =1.0.11, =1.2.0, =1.0.9, =1.5.0, =0.0.1, =1.0.0, =1.0.5, =0.9.0, =1.2.1, =1.1.0, =2.2.0 Source cves: CVE-2020-7627 Source advisory: SNYK:JS-NODEKEYSENDER-564261...

Command Injection

Overview node-key-sender is a module that send keyboard events to the operational system. Affected versions of this package are vulnerable to Command Injection. The argument arrParams in function execute can be controlled by users without any sanitization. PoC var root = require"node-key-sender";...