Closed huntr-helper closed 3 years ago
@petersirka, if you want more security fixes and patches like this in the future, you can let security researchers know that they can win bounties protecting your repository by copying this small code snippet into your README.md:
[![huntr](https://cdn.huntr.dev/huntr_security_badge.svg)](https://huntr.dev)
👇 👇 👇
@hethvik (https://huntr.dev/users/hethvik) has fixed a potential Command Injection vulnerability in your repository 🔨. For more information, visit our website (https://huntr.dev/) or click the bounty URL below...
| Q | A |
| --- | --- |
| Version Affected | * |
| Bug Fix | YES |
| Original Pull Request | https://github.com/418sec/framework/pull/1 |
| Vulnerability README | https://github.com/418sec/huntr/blob/master/bounties/npm/total.js/1/README.md |
User Comments:
📊 Metadata *
total.js is vulnerable to Command Injection.

Bounty URL: https://www.huntr.dev/bounties/1-npm-total.js/
⚙️ Description *
Command injection vulnerabilities typically occur when:
💻 Technical Description *
Fixed by allowing supported images.
🐛 Proof of Concept (PoC) *
🔥 Proof of Fix (PoF) *
After the fix, execution of external commands is blocked.
👍 User Acceptance Testing (UAT)
After the fix, functionality is unaffected.