Description
Lack of output sanitization allowed an attacker to execute arbitrary shell commands via the logkitty npm package before version 0.7.1.
Remediation
References
https://hackerone.com/reports/825729