Description
Growl adds Growl notification support to Node.js. Versions of growl before 1.10.2 do not properly sanitize input before passing it to exec, allowing arbitrary command execution.
Remediation
Upgrade growl to version 1.10.2 or later.
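The class of flaw described above, shown as an added example (not code from node-growl or from this advisory): a message spliced into a string for a shell is parsed by that shell, while the same message passed as an argv element is not. It assumes a POSIX system; `echo` stands in for the notifier binary, and the function names and the sample message are constructed for illustration.

```javascript
// Added illustration, not node-growl source code.
// Assumption: POSIX system; `echo` stands in for the notifier binary.
const { execSync, execFileSync } = require('node:child_process');

// Vulnerable pattern: the message becomes part of a command string that
// /bin/sh parses, so shell metacharacters in it are interpreted.
function notifyViaShell(message) {
  return execSync('echo "' + message + '"', { encoding: 'utf8' }).trim();
}

// Hardened pattern: no shell is started; the message is handed to the
// program as exactly one argument, whatever characters it contains.
function notifyViaArgv(message) {
  return execFileSync('echo', [message], { encoding: 'utf8' }).trim();
}

// Regression check for a test suite: true when the shell altered the
// message, i.e. the call site interprets its input instead of passing it on.
function shellInterprets(message) {
  return notifyViaShell(message) !== message;
}

// Constructed sample input: a harmless command substitution used as a marker.
const SAMPLE = 'build finished $(echo MARKER)';

console.log({
  shell: notifyViaShell(SAMPLE),       // substitution was evaluated
  argv: notifyViaArgv(SAMPLE),         // message delivered verbatim
  interpreted: shellInterprets(SAMPLE),
});
```

Passing arguments as an array removes shell parsing only; a message that begins with `-` can still be read as an option by the receiving program, so that case needs separate handling.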
References
https://github.com/tj/node-growl/issues/60
https://github.com/tj/node-growl/pull/61
https://nodesecurity.io/advisories/146
Related Vulnerabilities
CVE-2017-16185 Vulnerability in npm package uekw1511server
CVE-2019-10334 Vulnerability in maven package org.jenkins-ci.plugins:electricflow
CVE-2014-9772 Vulnerability in npm package validator
CVE-2016-6346 Vulnerability in maven package org.jboss.resteasy:resteasy-jaxrs
CVE-2017-12647 Vulnerability in maven package com.liferay:com.liferay.knowledge.base.service