GHSA-qh2h-chj9-jffq
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qh2h-chj9-jffq
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/06/GHSA-qh2h-chj9-jffq/GHSA-qh2h-chj9-jffq.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-qh2h-chj9-jffq
- Aliases
- Published
- 2018-06-08T12:43:43Z
- Modified
- 2023-11-08T03:59:01.241655Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Growl before 1.10.0 vulnerable to Command Injection
- Details
-
Affected versions of
growldo not properly sanitize input prior to passing it into a shell command, allowing for arbitrary command execution.Recommendation
Update to version 1.10.0 or later.
- Database specific
{ "nvd_published_at": null, "github_reviewed_at": "2020-06-16T21:51:54Z", "severity": "CRITICAL", "github_reviewed": true, "cwe_ids": [ "CWE-78", "CWE-94" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2017-16042
- https://github.com/tj/node-growl/issues/60
- https://github.com/tj/node-growl/pull/61
- https://github.com/tj/node-growl/pull/62
- https://github.com/tj/node-growl/commit/d71177d5331c9de4658aca62e0ac921f178b0669
- https://github.com/tj/node-growl
- https://www.npmjs.com/advisories/146
Affected packages
npm / growl
Package
- Name
- growl
- View open source insights on deps.dev
- Purl
- pkg:npm/growl