Description
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.
Remediation
References
https://nodesecurity.io/advisories/146
https://github.com/tj/node-growl/pull/61
https://github.com/tj/node-growl/issues/60
Related Vulnerabilities
CVE-2016-10681 Vulnerability in npm package roslib-socketio
CVE-2017-16118 Vulnerability in maven package org.webjars.npm:forwarded
CVE-2022-24279 Vulnerability in npm package madlib-object-utils
CVE-2015-5298 Vulnerability in maven package org.jenkins-ci.plugins:google-login
CVE-2020-7610 Vulnerability in maven package org.webjars.npm:bson