homestar-samsung-smart-tv (>=0.0.1 <=0.0.19), node-red-contrib-samsungtv (>=0.1.0 <=0.1.1) potentially affected by unknown CVE via samsung-remote (=1.2.5)

samsung-remote NPM version =1.2.5 is affected by a known vulnerability. The following packages have a transitive dependency on samsung-remote and may be impacted: - homestar-samsung-smart-tv =0.0.1, =0.1.0, =0.1.1 Source cves: unknown CVE Source advisory: OSV:GHSA-XHJX-MFR6-9RR4...

GHSA-XHJX-MFR6-9RR4 Command Injection in samsung-remote

Versions of samsung-remote before 1.3.5 are vulnerable to command injection. This vulnerability is exploitable if user input is passed into the ip option of the package constructor. Recommendation Update to version 1.3.5 or later...

Command Injection in samsung-remote

Versions of samsung-remote before 1.3.5 are vulnerable to command injection. This vulnerability is exploitable if user input is passed into the ip option of the package constructor. Recommendation Update to version 1.3.5 or later...

Command Injection

Overview Versions of samsung-remote before 1.3.5 are vulnerable to command injection. This vulnerability is exploitable if user input is passed into the ip option of the package constructor. Recommendation Update to version 1.3.5 or later. References - HackerOne Report - Node.js security-wg -...

Node.js third-party modules: [samsung-remote] Command injection

I would like to report a command injection vulnerability in the samsung-remote npm module. It allows arbitrary shell command execution through a maliciously crafted argument. Module module name: samsung-remote version: 1.2.5 npm page: https://www.npmjs.com/package/samsung-remote Module Descriptio...