kylefarris / clamscan

A robust ClamAV virus scanning library supporting scanning files, directories, and streams with local sockets, local/remote TCP, and local clamscan/clamdscan binaries (with failover).
MIT License
236 stars, 69 forks

huntr.dev - Command Injection Fix #45

Closed. huntr-helper closed this 4 years ago

huntr-helper commented 4 years ago

https://huntr.dev/app/users/mufeedvh has fixed a security vulnerability (Command Injection) :hammer:. mufeedvh has been awarded $25 for fixing the vulnerability through the huntr bug bounty program :dollar:. Think you could fix a vulnerability like this? Get involved at https://huntr.dev/!

| Q | A |
| --- | --- |
| Version Affected | ALL |
| Bug Fix | YES |
| Original Pull Request | https://github.com/418sec/clamscan/pull/1 |

Bounty URL: https://huntr.dev/bounties/1-npm-clamscan

JamieSlome commented 4 years ago

@kylefarris - requested changes have been made! 🍰

SaltwaterC commented 4 years ago

@kylefarris out of curiosity, has this originated from the sockets branch since this issue has been patched in the old master of 0.8.2 like donkey's years ago?

kylefarris commented 4 years ago

@SaltwaterC, it is quite odd. I rebased the sockets branch several times during development and then once more before merging into master. Maybe I didn't handle a conflict properly?