Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. If (attacker-controlled) user input is given to the mac_address_for function of the package, it is possible for the attacker to execute arbitrary commands on the operating system that this package is being run on.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
Network Utilies for Node.js 安全漏洞
Vulnerability Description
Network Utilies for Node.js是Tomás Pollak个人开发者的一款应用程序。 Network Utilies for Node.js 0.7.0 之前版本存在安全漏洞,该漏洞源于使用了未进行输入清理的 child_process exec 函数,攻击者利用该漏洞可能在运行该程序包的操作系统上执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A