Description
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.
Remediation
References
https://github.com/tj/node-growl/issues/60
https://github.com/tj/node-growl/pull/61
https://nodesecurity.io/advisories/146
Related Vulnerabilities
CVE-2016-6796 Vulnerability in maven package org.apache.tomcat:jasper
CVE-2020-28279 Vulnerability in npm package flattenizer
CVE-2019-3894 Vulnerability in maven package org.wildfly:wildfly-ee
CVE-2022-43410 Vulnerability in maven package org.jenkins-ci.plugins:mercurial
CVE-2014-0363 Vulnerability in maven package org.igniterealtime.smack:smack-core