EUVD-2022-0792

Malicious code in bioql PyPI...

CVE-2020-7625

op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function...

GHSA-3HQ6-RMV7-39VH Injection in op-browser

op-browser through 1.0.9 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function...

Injection in op-browser

op-browser through 1.0.9 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function...

hiproxy (>=1.1.3 <=2.0.0-next.3) potentially affected by CVE-2020-7625 via op-browser (>=1.0.6 <=1.0.9)

op-browser NPM version =1.0.6, =1.1.3, =2.0.0-next.3 Source cves: CVE-2020-7625 Source advisory: OSV:GHSA-3HQ6-RMV7-39VH...

Remote Code Execution (RCE)

op-browser is vulnerable to remote code execution RCE. The attack exist because it does not validate the user-provided value to url parameter, allowing an attacker to inject arbitrary code through it...

Op-browser Command Injection Vulnerability

op-browser is a module for opening browser windows and setting up proxies. A command injection vulnerability exists in op-browser 1.0.6 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary commands via the url function...

CVE-2020-7625

op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function...

CVE-2020-7625

op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function...

Command injection

op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function...

CVE-2020-7625

CVE-2020-7625 affects the Node module op-browser . Versions up to and including 1.0.6 are vulnerable to a command injection that allows an attacker to execute arbitrary commands via the vulnerable url function. The issue can lead to remote code execution (RCE) with high impact. Remediation: upgra...

CVE-2020-7625

op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function...

hiproxy (=1.3.3) potentially affected by CVE-2020-7625 via op-browser (=1.0.6)

op-browser NPM version =1.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on op-browser and may be impacted: - hiproxy =1.3.3 Source cves: CVE-2020-7625 Source advisory: SNYK:JS-OPBROWSER-564259...

Command Injection

Overview op-browser is a module that open browser window and set proxy. Affected versions of this package are vulnerable to Command Injection. The url parameter can be controlled by users without any sanitization. PoC var root = require"op-browser"; root.open'chrome','& touch Song','',''; Details...