Description
Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1.
Remediation
References
https://hackerone.com/reports/825729
Related Vulnerabilities
CVE-2023-3691 Vulnerability in maven package org.webjars.bowergithub.layui:layui
CVE-2017-16167 Vulnerability in npm package yyooopack
CVE-2021-33609 Vulnerability in maven package com.vaadin:vaadin-server
CVE-2021-28163 Vulnerability in maven package org.eclipse.jetty:jetty-deploy
CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa