EPSS
Percentile
78.1%
strong-nginx-controller is vulnerable to OS command injection. Lack of validation and sanitization of the action parameter allows an attacker to inject and execute arbitrary OS commands via the _nginxCmd function.
action
_nginxCmd
github.com/strongloop/strong-nginx-controller/blob/master/lib/server.js#L65,
github.com/strongloop/strong-nginx-controller/blob/v1.0.2/lib/server.js#L62-L65