CVE-2017-16042

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...

AZL-44547 CVE-2017-16042 affecting package js-jquery 3.5.0-4

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...

CVE-2017-16042

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...

CVE-2017-16042

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...

DEBIAN-CVE-2017-16042

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...

CVE-2017-16042

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...

Command injection

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...

UBUNTU-CVE-2017-16042

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...

CVE-2017-16049

The CVE-2017-16049 case corresponds to the npm package nodesqlite, described across multiple sources as malware that steals environment variables and exfiltrates them to attacker-controlled locations. The core issue is malicious code published in nodesqlite intended to hijack environment variable...

CVE-2017-16042

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...

CVE-2017-16042

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...

CVE-2017-16042

The CVE-2017-16042 entry concerns Growl for Node.js. Affected: growl prior to version 1.10.2. Root cause: input is not properly sanitized before being passed to exec, enabling arbitrary command execution. Impact: remote command execution via crafted input in the Growl integration for nodejs. Expl...

Remote code execution

node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...

CVE-2016-10626

mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

CVE-2016-10622

nodeschnaps is a NodeJS compatibility layer for Java Rhino. nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker i...

CVE-2016-10599

sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping o...

Remote code execution

nodeschnaps is a NodeJS compatibility layer for Java Rhino. nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker i...

Design/Logic Flaw

node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks...

CVE-2016-10626

mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

CVE-2016-10622

CVE-2016-10622 concerns the NodeJS compatibility layer for Java (Rhino) called nodeschnaps . The vulnerability arises because it downloads binary resources over HTTP, exposing users to MITM attacks. The documented risk is that an attacker on the network could swap the requested binary with a mali...