zaach / jison

Bison in JavaScript.
http://jison.org

Insufficient input validation in npm package jison <= 0.4.18 may lead to OS command injection attacks. #397

Open nkviru opened 3 years ago

nkviru commented 3 years ago

Found the following Common Vulnerabilities and Exposures (CVE). Any resolution to fix this security issue?

CVE-2020-8178

Insufficient input validation in npm package jison <= 0.4.18 may lead to OS command injection attacks.