This affects the package node-notifier before 9.0.0. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array.
References
Link | Resource |
---|---|
https://github.com/mikaelbr/node-notifier/blob/master/lib/utils.js%23L303 | Broken Link |
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050371 | Third Party Advisory |
https://snyk.io/vuln/SNYK-JS-NODENOTIFIER-1035794 | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-12-11 10:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-7789
Mitre link : CVE-2020-7789
CVE.ORG link : CVE-2020-7789
JSON object : View
Products Affected
node-notifier_project
- node-notifier
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')