Description
pixl-class prior to 1.0.3 allows execution of arbitrary commands. The members argument of the create function can be controlled by users without any sanitization.
Remediation
References
https://github.com/jhuckaby/pixl-class/commit/47677a3638e3583e42f3a05cc7f0b30293d2acc8
https://snyk.io/vuln/SNYK-JS-PIXLCLASS-564968
https://github.com/jhuckaby/pixl-class/commit/47677a3638e3583e42f3a05cc7f0b30293d2acc8%2C
Related Vulnerabilities
CVE-2013-4204 Vulnerability in maven package com.google.gwt:gwt-user
CVE-2020-28440 Vulnerability in npm package corenlp-js-interface
CVE-2021-23346 Vulnerability in npm package html-parse-stringify2
CVE-2020-26226 Vulnerability in npm package semantic-release
CVE-2023-49620 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-dao