Description
rpi through 0.0.3 allows execution of arbritary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the arguement of exec function without any sanitization.
Remediation
References
https://github.com/xseignard/rpi/blob/master/src/lib/gpio.js#L47
https://snyk.io/vuln/SNYK-JS-RPI-548942
Related Vulnerabilities
CVE-2021-44585 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base-core
CVE-2018-3721 Vulnerability in maven package org.webjars:lodash
CVE-2022-22912 Vulnerability in npm package plist
CVE-2021-42010 Vulnerability in maven package org.apache.heron:heron-api
CVE-2023-45648 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core