Skip to content
This repository has been archived by the owner on Feb 18, 2022. It is now read-only.

Security Alert - Package: node-notifier; Severity: MODERATE #786

Open
phenggeler opened this issue Jan 25, 2022 · 0 comments
Open

Security Alert - Package: node-notifier; Severity: MODERATE #786

phenggeler opened this issue Jan 25, 2022 · 0 comments

Comments

@phenggeler
Copy link

phenggeler commented Jan 25, 2022
edited
Loading 

    Affected package: node-notifier
    Ecosystem: NPM
    Affected version range: < 8.0.1

    Summary: OS Command Injection in node-notifier
    Description: This affects the package node-notifier before 8.0.1. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array.
    identifiers: [{'type': 'GHSA', 'value': 'GHSA-5fw9-fq32-wv5p'}, {'type': 'CVE', 'value': 'CVE-2020-7789'}]

    Fixed Version: 8.0.1
    Created Date = January 25, 2022

    

    ---
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@phenggeler