@adriano-di-giovanni any chance you could release a new version of node-df with a fix for this?
CVE-2019-15597
high severity
Vulnerable versions: = 0.1.4
Patched version: No fix
A code injection exists in node-df v0.1.4 that can allow an attacker to perform remote code execution through unsanitized input.
I think removing semicolons, & and | characters in the files option should avoid executing other commands than df. So a fix is probably easy. Would a PR help?
https://snyk.io/vuln/npm:node-df
https://snyk.io/vuln/SNYK-JS-NODEDF-536779
https://hackerone.com/reports/703412
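
An alternative to filtering characters, as an added example that is not part of the original issue or of node-df's own code: pass the paths to `df` as an argument array through `execFile`, so no shell ever parses them. The names `buildDfArgs` and `runDf` and the `-kP` flags are assumptions made for illustration.

```javascript
// Added example: hypothetical helper names, not node-df's actual code.
const { execFile } = require('child_process');

// Build the argument vector for df. Each path becomes one argv element,
// so characters such as ; & | $ ` are plain data, never shell syntax.
function buildDfArgs(files) {
  const list = files === undefined ? [] : [].concat(files);
  for (const f of list) {
    if (typeof f !== 'string' || f.length === 0) {
      throw new TypeError('file must be a non-empty string');
    }
    if (f.includes('\0')) {
      throw new TypeError('file must not contain NUL bytes');
    }
  }
  // "--" ends option parsing, so a path that begins with "-" cannot be
  // read by df as an option. -kP (assumed here) asks for POSIX output
  // in 1024-byte blocks.
  return ['-kP', '--', ...list];
}

// Run df without a shell: execFile hands the array directly to the df
// binary, unlike exec(), which passes one string to /bin/sh.
function runDf(files, callback) {
  let args;
  try {
    args = buildDfArgs(files);
  } catch (err) {
    return callback(err);
  }
  execFile('df', args, { timeout: 5000 }, (err, stdout) => {
    if (err) return callback(err);
    callback(null, stdout);
  });
}
```

With this approach a path containing shell metacharacters reaches `df` as a single file name, and `df` reports that no such file exists.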