GO-2022-0937 Elvish vulnerable to remote code execution via the web UI backend in github.com/elves/elvish

Elvish vulnerable to remote code execution via the web UI backend in github.com/elves/elvish...

CVE-2021-41088 Remote code execution via the web UI backend of Elvish

Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web UI backend started by elvish -web hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of requests correctly. As a...