CVE-2021-33360 Vulnerability in npm package @stoqey/gnuplot

Description

An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child_process, and/or filePath parameter(s).

Remediation

References

https://advisory.checkmarx.net/advisory/CX-2021-4811/

https://github.com/stoqey/gnuplot/blob/cd76060a15f58348baeef1c5fd867ce856515949/src/index.ts#L211-L217

Related Vulnerabilities

CVE-2023-37956 Vulnerability in maven package org.jenkins-ci.plugins:test-results-aggregator

CVE-2016-10538 Vulnerability in npm package cli

CVE-2022-45393 Vulnerability in maven package org.jenkins-ci.plugins:delete-log-plugin

CVE-2022-43412 Vulnerability in maven package org.jenkins-ci.plugins:generic-webhook-trigger

CVE-2021-23561 Vulnerability in npm package comb

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H