Description

All versions of package launchpad are vulnerable to Command Injection via stop.

Remediation

References

https://github.com/bitovi/launchpad/issues/123%23issuecomment-732188118

https://github.com/bitovi/launchpad/pull/124

https://snyk.io/vuln/SNYK-JS-LAUNCHPAD-1044065

Related Vulnerabilities

CVE-2017-16040 Vulnerability in npm package gfe-sass

CVE-2021-41086 Vulnerability in npm package jsuites

CVE-2023-33246 Vulnerability in maven package org.apache.rocketmq:rocketmq-broker

CVE-2020-7629 Vulnerability in npm package install-package

CVE-2022-3509 Vulnerability in maven package com.google.protobuf:protobuf-javalite

Severity

Critical

Classification

CWE-78

Tags

Third Party Advisory Exploit Patch