search

bitovi / launchpad

NodeJS Browser Launcher
MIT License
46 stars 28 forks source link

Security Notice & Bug Bounty - Remote Code Execution - huntr.dev #123

Closed huntr-helper closed 2 years ago

huntr-helper commented 4 years ago

This issue has been generated on-behalf of Mik317 (https://huntr.dev/app/users/Mik317)

Overview

launchpad allows you to launch browsers! With NodeJS!

The issue occurs because a user input is formatted inside a command that will be executed without any check.

Bug Bounty

We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded 💰? Go to https://huntr.dev/

We will submit a pull request directly to your repository with the fix as soon as possible. Want to learn more? Go to https://github.com/418sec/huntr 📚

Automatically generated by @huntr-helper...

huntr-helper commented 4 years ago

‎‍🛠️ A fix has been provided for this issue. Please reference: https://github.com/418sec/launchpad/pull/1

🔥 This fix has been provided through the https://huntr.dev/ bug bounty platform.

frank-dspeed commented 2 years ago

@bmomberger-bitovi you can close this it got obsolet

bmomberger-bitovi commented 2 years ago

Closed via #124.