Description

All versions of package launchpad are vulnerable to Command Injection via stop.

Remediation

References

https://github.com/bitovi/launchpad/issues/123%23issuecomment-732188118

https://github.com/bitovi/launchpad/pull/124

https://snyk.io/vuln/SNYK-JS-LAUNCHPAD-1044065

Related Vulnerabilities

CVE-2020-28168 Vulnerability in maven package org.webjars.npm:axios

CVE-2022-36907 Vulnerability in maven package org.jenkins-ci.plugins:openshift-deployer

CVE-2021-21181 Vulnerability in maven package org.webjars.npm:electron

CVE-2018-1000118 Vulnerability in npm package electron

CVE-2019-0205 Vulnerability in maven package org.webjars.npm:thrift

Severity

Critical

Classification

CWE-78

Tags

Third Party Advisory Exploit Patch