diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path argument.
References
Link | Resource |
---|---|
https://github.com/iximiuz/node-diskusage-ng/blob/master/lib/posix.js#L11 | Exploit Third Party Advisory |
https://snyk.io/vuln/SNYK-JS-DISKUSAGENG-564425 | Exploit |
Configurations
History
No history.
Information
Published : 2020-04-06 13:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-7631
Mitre link : CVE-2020-7631
CVE.ORG link : CVE-2020-7631
JSON object : View
Products Affected
diskusage-ng_project
- diskusage-ng
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')