s3-uploader is vulnerable to os command injection. The vulnerability exists in the getMetadata
function in index.js
because the parameters are not properly restricted which allows an attacker to inject and execute arbitrary os commands.
CPE | Name | Operator | Version |
---|---|---|---|
s3-uploader | le | 2.1.0-rc.1 | |
s3-uploader | le | 2.1.0-rc.1 |