snyk-go-plugin is vulnerable to command injection. The vulnerability exists in the `execute` function of `sub-process.js`: the shell is not properly disabled for child processes, which allows an attacker to run arbitrary commands on the host system.
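The difference between spawning a child process through a shell and with the shell disabled, as an added illustration (not code from snyk-go-plugin). The helper names `executeWithShell` and `executeNoShell` and the sample argument are hypothetical, and a POSIX host with `echo` on the PATH is assumed.

```javascript
// Added illustration; not code from snyk-go-plugin.
// Assumes a POSIX host with `echo` available on the PATH.
const { spawnSync } = require('child_process');

// Constructed input: stands in for a value taken from the project being
// scanned. The harmless marker only shows whether a second command ran.
const UNTRUSTED_ARG = 'project-dir; echo INJECTED';

// Hypothetical helper showing the flawed pattern: with `shell: true`, Node
// joins command and args into one string and hands it to /bin/sh, so shell
// metacharacters inside an argument are interpreted.
function executeWithShell(command, args) {
  const res = spawnSync(command, args, { shell: true, encoding: 'utf8' });
  if (res.error) throw res.error;
  return res.stdout;
}

// Hardened form: with the shell disabled, each element of `args` reaches the
// child as exactly one argv entry, byte for byte.
function executeNoShell(command, args) {
  const res = spawnSync(command, args, { shell: false, encoding: 'utf8' });
  if (res.error) throw res.error;
  return res.stdout;
}

// Split captured stdout into non-empty lines for comparison.
function outputLines(stdout) {
  return stdout.split('\n').filter(Boolean);
}

// Run the same command and argument both ways and return both results.
function demo() {
  return {
    withShell: outputLines(executeWithShell('echo', [UNTRUSTED_ARG])),
    noShell: outputLines(executeNoShell('echo', [UNTRUSTED_ARG])),
  };
}

console.log(demo());
```

With the shell enabled the single argument is split at `;` and produces two output lines; with it disabled the argument is echoed back as one literal string.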
| CPE | Name | Operator | Version |
|---|---|---|---|
| | snyk-go-plugin | le | 1.19.0 |
github.com/advisories/GHSA-hpqj-7cj6-hfj8
github.com/snyk/snyk-go-plugin/commit/6cce1065842ffaeaa6e9abe93c94100d157c8376
github.com/snyk/snyk-go-plugin/pull/99
github.com/snyk/snyk-go-plugin/releases/tag/v1.19.1
www.imperva.com/blog/how-scanning-your-projects-for-security-issues-can-lead-to-remote-code-execution/