An issue was discovered in in bwm-ng v0.6.2. An arbitrary null write exists in get_cmdln_options() function in src/options.c.
7.5CVSS
7.5AI Score
0.001EPSS
All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwm-ng.js file. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the...
8.4CVSS
7.8AI Score
0.0004EPSS