Description
promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2022-5386 | promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization. |
Github GHSA |
GHSA-vmqq-7qvx-68qx | promise-probe OS command injection vulnerability |
References
History
No history.
Status: PUBLISHED
Assigner: snyk
Published:
Updated: 2024-08-04T22:32:02.100Z
Reserved: 2019-04-03T00:00:00.000Z
Link: CVE-2019-10791
No data.
Status : Modified
Published: 2020-02-18T17:15:14.500
Modified: 2026-06-17T02:11:40.830
Link: CVE-2019-10791
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
EUVD
Github GHSA