rpi is vulnerable to remote code execution (RCE). The vulnerability exists because the GPIO function in src/lib/gpio.js passes the user-supplied pinNumber value as one of the arguments to proc.exec, allowing a malicious user to inject a command and have it executed.