Description

A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command.

Remediation

References

https://hackerone.com/reports/701183

Related Vulnerabilities

CVE-2022-36077 Vulnerability in npm package electron

CVE-2016-0750 Vulnerability in maven package org.infinispan:infinispan-client-hotrod

CVE-2017-16094 Vulnerability in npm package iter-http

CVE-2022-26969 Vulnerability in npm package directus

CVE-2017-11554 Vulnerability in npm package node-sass

Severity

Critical

Classification

CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Permissions Required Third Party Advisory