Description
Lack of output sanitization allowed an attacker to execute arbitrary shell commands via the logkitty npm package before version 0.7.1.
Remediation
References
https://hackerone.com/reports/825729