Description
serial-number through 1.3.0 allows execution of arbritary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2021-0746 | serial-number through 1.3.0 allows execution of arbritary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation. |
Github GHSA |
GHSA-3fw4-4h3m-892h | OS Command Injection in serial-number |
References
History
No history.
Status: PUBLISHED
Assigner: snyk
Published:
Updated: 2024-08-04T22:32:02.057Z
Reserved: 2019-04-03T00:00:00.000Z
Link: CVE-2019-10804
No data.
Status : Modified
Published: 2020-02-28T21:15:13.087
Modified: 2026-06-17T02:11:42.343
Link: CVE-2019-10804
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
EUVD
Github GHSA