Description
Growl adds Growl notification support to Node.js. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing arbitrary command execution.
Remediation
References
https://github.com/tj/node-growl/issues/60
https://github.com/tj/node-growl/pull/61
https://nodesecurity.io/advisories/146