GHSA-77qv-gh6f-pgh4

Suggest an improvement
Source
https://github.com/advisories/GHSA-77qv-gh6f-pgh4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/06/GHSA-77qv-gh6f-pgh4/GHSA-77qv-gh6f-pgh4.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-77qv-gh6f-pgh4
Aliases
  • CVE-2020-4066
Published
2020-06-22T15:24:06Z
Modified
2023-11-08T04:03:50.576646Z
Severity
  • CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Summary
Command Injection in Limdu
Details

Impact

The trainBatch function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.

Patches

Patched in version 0.9.5.

Workarounds

Do not use trainBatch with classifiers that rely on shell execution, such as SVM Perf, SVM Linear or Adaboost

References

No

References

Affected packages

npm / limdu

Package

Affected ranges

Type
SEMVER
Events
Introduced
0The exact introduced commit is unknown
Fixed
0.9.5

Database specific

{
    "last_known_affected_version_range": "<= 0.9.4"
}