Description
node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand()" is called by "getDevices()" function in file "linux/manager.js", which is required by the "index. process.env.NM_CLI" in the file "linux/manager.js". This function is used to construct the argument of function "execSync()", which can be controlled by users without any sanitization.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2021-1055 | node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand()" is called by "getDevices()" function in file "linux/manager.js", which is required by the "index. process.env.NM_CLI" in the file "linux/manager.js". This function is used to construct the argument of function "execSync()", which can be controlled by users without any sanitization. |
Github GHSA |
GHSA-f8fh-8rgm-227h | OS Command Injection in node-prompt-here |
References
| Link | Providers |
|---|---|
| https://snyk.io/vuln/SNYK-JS-NODEPROMPTHERE-560115 |
|
History
No history.
Status: PUBLISHED
Assigner: snyk
Published:
Updated: 2024-08-04T09:33:19.938Z
Reserved: 2020-01-21T00:00:00.000Z
Link: CVE-2020-7602
No data.
Status : Modified
Published: 2020-03-15T22:15:14.583
Modified: 2026-06-17T03:25:06.190
Link: CVE-2020-7602
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
EUVD
Github GHSA