Description

Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1.

Remediation

References

https://hackerone.com/reports/825729

Related Vulnerabilities

CVE-2022-36007 Vulnerability in maven package com.github.jlangch:venice

CVE-2023-40815 Vulnerability in maven package org.opencrx:opencrx-core-models

CVE-2023-31544 Vulnerability in maven package org.opencms:opencms-core

CVE-2020-7618 Vulnerability in npm package sds

CVE-2020-7604 Vulnerability in npm package pulverizr

Severity

Critical

Classification

CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Patch Third Party Advisory