Description
Lack of output sanitization allowed an attacker to execute arbitrary shell commands via the logkitty npm package before version 0.7.1.
Remediation
References
https://hackerone.com/reports/825729