Description
Lack of output sanitization allowed an attacker to execute arbitrary shell commands via the logkitty npm package before version 0.7.1.
Remediation
References
https://hackerone.com/reports/825729
Related Vulnerabilities
CVE-2022-23621 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2021-27906 Vulnerability in maven package org.apache.pdfbox:pdfbox
CVE-2023-30514 Vulnerability in maven package org.jenkins-ci.plugins:azure-keyvault
CVE-2021-23436 Vulnerability in npm package immer
CVE-2023-36478 Vulnerability in maven package org.eclipse.jetty.http2:http2-hpack