5 matches found
Command Injection
exec-local-bin is vulnerable to Command Injection attacks. The library does not properly sanitize user-input via theProcess function, which allows an attacker to inject and execute malicious commands...
GHSA-F259-H6M8-HM8M exec-local-bin vulnerable to Command Injection
Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess functionality due to improper user-input sanitization...
exec-local-bin vulnerable to Command Injection
Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess functionality due to improper user-input sanitization...
CVE-2022-25923
Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess functionality due to improper user-input sanitization...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection via the theProcess functionality due to improper user-input sanitization. PoC (js): var root = require("exec-local-bin"); root("& touch JHU", Remediation: Upgrade exec-local-bin to version 1.2.0 or higher. References: - GitHub...