GHSA-77qv-gh6f-pgh4

Source
https://github.com/advisories/GHSA-77qv-gh6f-pgh4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/06/GHSA-77qv-gh6f-pgh4/GHSA-77qv-gh6f-pgh4.json
Aliases
  • CVE-2020-4066
Published
2020-06-22T15:24:06Z
Modified
2023-11-08T04:03:50.576646Z
Details

Impact

The trainBatch function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.

Patches

Patched in version 0.9.5.

Workarounds

Do not use trainBatch with classifiers that rely on shell execution, such as SVM Perf, SVM Linear or Adaboost

References

No

References

Affected packages

npm / limdu

Package

Name
limdu

Affected ranges

Type
SEMVER
Events
Introduced
0The exact introduced commit is unknown
Fixed
0.9.5

Database specific

{
    "last_known_affected_version_range": "<= 0.9.4"
}