All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems.
References
Link | Resource |
---|---|
http://snyk.io/vuln/SNYK-JS-CHROMELAUNCHER-537575 | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-05-02 16:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-7645
Mitre link : CVE-2020-7645
CVE.ORG link : CVE-2020-7645
JSON object : View
Products Affected
- chrome-launcher
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')