search

TIBCOSoftware / TCSTK-custom-form-app-plugin

TIBCO Cloud™ Composer - Custom Form App Plugin
https://tibcosoftware.github.io/TCSToolkit/
Other
1 stars 1 forks source link

WS-2017-3737 (Medium) detected in shelljs-0.8.3.tgz #3

Closed mend-for-github-com[bot] closed 4 years ago

mend-for-github-com[bot] commented 5 years ago

WS-2017-3737 - Medium Severity Vulnerability

Vulnerable Library - shelljs-0.8.3.tgz

Portable Unix shell commands for Node.js

Library home page: https://registry.npmjs.org/shelljs/-/shelljs-0.8.3.tgz

Path to dependency file: /TCSTK-custom-form-app-plugin/package.json

Path to vulnerable library: /tmp/git/TCSTK-custom-form-app-plugin/node_modules/shelljs/package.json

Dependency Hierarchy: - compiler-cli-7.2.15.tgz (Root Library) - :x: **shelljs-0.8.3.tgz** (Vulnerable Library)

Vulnerability Details

Shelljs 0.8.3 and before are vulnerable to Command Injection. Commands can be invoked from shell.exec(), those commands will include input from external sources, to be passed as arguments to system executables and allowing an attacker to inject arbitrary commands.

Publish Date: 2019-06-16

URL: WS-2017-3737

CVSS 2 Score Details (5.5)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

hpeters83 commented 4 years ago

Package removed through update