Description
Lack of output sanitization allowed an attacker to execute arbitrary shell commands via the logkitty npm package before version 0.7.1.
Remediation
References
https://hackerone.com/reports/825729