GHSA-j9f8-8h89-j69x – node-os-utils

Package

Manager: npm
Name: node-os-utils
Vulnerable Version: >=0 <1.1.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Remote Code Execution in node-os-utils Versions of `node-os-utils` prior to 1.1.0 are vulnerable to Remote Code Execution. Due to insufficient input validation an attacker could run arbitrary commands on the server thus rendering the package vulnerable to Remote Code Execution. ## Recommendation Upgrade to version 1.1.0 or later.

Metadata

Created: 2019-06-11T16:16:34Z
Modified: 2021-08-04T21:06:49Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/06/GHSA-j9f8-8h89-j69x/GHSA-j9f8-8h89-j69x.json
CWE IDs: ["CWE-94"]
Alternative ID: N/A
Finding: F422
Auto approve: 1