GHSA-795w-7426-m94j

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-795w-7426-m94j/GHSA-795w-7426-m94j.json

Aliases

CVE-2021-33360

Published

2023-03-10T18:30:22Z

Modified

2023-03-15T19:18:27Z

Details

An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child_process, and/or filePath parameter(s).

References

https://nvd.nist.gov/vuln/detail/CVE-2021-33360
https://advisory.checkmarx.net/advisory/CX-2021-4811/
https://github.com/stoqey/gnuplot
https://github.com/stoqey/gnuplot/blob/cd76060a15f58348baeef1c5fd867ce856515949/src/index.ts#L211-L217

Affected packages

npm / @stoqey/gnuplot

@stoqey/gnuplot

Affected ranges

Type: SEMVER
Events: Introduced

0

Affected versions

Database specific

{
    "last_known_affected_version_range": "<= 0.0.3"
}