Description
Lack of output sanitization allowed an attacker to execute arbitrary shell commands via the logkitty npm package before version 0.7.1.
Remediation
References
https://hackerone.com/reports/825729
Related Vulnerabilities
CVE-2021-41183 Vulnerability in maven package org.webjars.npm:jquery-ui
CVE-2018-3785 Vulnerability in npm package git-dummy-commit
CVE-2020-6422 Vulnerability in maven package org.webjars.npm:electron
CVE-2022-24785 Vulnerability in maven package org.webjars.bowergithub.moment:moment
CVE-2022-29631 Vulnerability in maven package org.jodd:jodd-http