14 matches found
EUVD-2021-1223
Malware in sbrugna...
Command Injection in picotts
This affects all versions up to and including version 0.1.1 of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...
@ioup/mia-bot (=0.0.1) potentially affected by CVE-2021-23378 via picotts (=0.1.1)
picotts NPM version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on picotts and may be impacted: - @ioup/mia-bot =0.0.1 Source cves: CVE-2021-23378 Source advisory: OSV:GHSA-WQ7Q-5V6J-XFV6...
GHSA-WQ7Q-5V6J-XFV6 Command Injection in picotts
This affects all versions up to and including version 0.1.1 of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...
Arbitrary Code Execution
picotts is vulnerable to arbitrary code execution. The vulnerability exists due to the lack of sanitization of user-provided input to the say function which is subsequently parsed in the child_process.exec function...
CVE-2021-23378
This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...
Design/Logic Flaw
This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...
CVE-2021-23378
The CVE-2021-23378 issue affects all versions of the picotts package. The root cause is unsanitized attacker-controlled input in the say function, which allows execution of arbitrary commands via child_process.exec. Multiple sources (NVD, OSV, GHSA, CVE list) confirm a command-injection vulnerabi...
CVE-2021-23378 Arbitrary Command Injection
This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...
CVE-2021-23378
This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...
CVE-2021-23378
This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...
npm picotts command injection vulnerability
npm picotts is an application from the US company npm. PicoTTS wrapper for NodeJS. picotts has a security vulnerability that can be exploited by an attacker to potentially execute arbitrary commands. This is due to the lack of input validation when executing functions using child processes...
@ioup/mia-bot (=0.0.1) potentially affected by CVE-2021-23378 via picotts (=0.1.1)
picotts NPM version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on picotts and may be impacted: - @ioup/mia-bot =0.0.1 Source cves: CVE-2021-23378 Source advisory: SNYK:JS-PICOTTS-1078539...
Arbitrary Command Injection
Overview picotts is a PicoTTS wrapper. PicoTTS is being used by Android and it's extremely lightweight and fast yet produces very natural voices. Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given to the say function, it is...