Description

All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems.

Remediation

References

http://snyk.io/vuln/SNYK-JS-CHROMELAUNCHER-537575

Related Vulnerabilities

CVE-2023-26134 Vulnerability in npm package git-commit-info

CVE-2017-17068 Vulnerability in npm package auth0-js

CVE-2020-7693 Vulnerability in npm package sockjs

CVE-2020-7724 Vulnerability in npm package tiny-conf

CVE-2023-45277 Vulnerability in maven package org.yamcs:yamcs-core

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory