Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand()" is called by "getDevices()" function in file "linux/manager.js", which is required by the "index. process.env.NM_CLI" in the file "linux/manager.js". This function is used to construct the argument of function "execSync()", which can be controlled by users without any sanitization.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
node-prompt-here 注入漏洞
Vulnerability Description
node-prompt-here是一款用于在给定的目录下打开控制台窗口的软件包。 node-prompt-here 1.0.1及之前版本中存在安全漏洞。攻击者可利用该漏洞执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A