6 matches found
OS Command Injection in compile-sass
compile-sass prior to 1.0.5 allows execution of arbritary commands. The function "setupCleanupOnExitcssPath" within "dist/index.js" is executed as part of the "rm" command without any sanitization...
GHSA-79QM-H35F-HR77 OS Command Injection in compile-sass
compile-sass prior to 1.0.5 allows execution of arbritary commands. The function "setupCleanupOnExitcssPath" within "dist/index.js" is executed as part of the "rm" command without any sanitization...
OS Command Injection
compile-sass is vulnerable to OS command injection. Lack of validation and sanitization allows an attacker to inject and execute arbitrary OS commands within the rm command in the function setupCleanupOnExitcssPath in dist/index.js...
CVE-2019-10799
compile-sass prior to 1.0.5 allows execution of arbritary commands. The function "setupCleanupOnExitcssPath" within "dist/index.js" is executed as part of the "rm" command without any sanitization...
Command injection
compile-sass prior to 1.0.5 allows execution of arbritary commands. The function "setupCleanupOnExitcssPath" within "dist/index.js" is executed as part of the "rm" command without any sanitization...
Command Injection
Overview compile-sass is a module to compile SASS on-the-fly and/or save it to CSS files. Affected versions of this package are vulnerable to Command Injection. The function setupCleanupOnExitcssPath within dist/index.js is executed as part of the rm command without any sanitization. PoC by JHU...