CVE-2017-16042

EPSS 4.4%CWE-94

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.

Produtos afetados

HackerOne · growl node module

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/tj/node-growl/issues/60 https://github.com/tj/node-growl/pull/61 https://nodesecurity.io/advisories/146