EPSS
Percentile
77.0%
growl is vulnerable to remote code execution (RCE). A malicious user can inject and execute arbitrary code due to the lack of sanitization of user input before executing the exec function.
github.com/cristianstaicu
github.com/tj/node-growl/blob/master/lib/growl.js#L289
github.com/tj/node-growl/issues/60
github.com/tj/node-growl/pull/61
nodesecurity.io/advisories/146
www.microsoft.com/en-us/research/wp-content/uploads/2017/01/nodejs_tr.pdf