zaach / jison

Bison in JavaScript.
http://jison.org

Insufficient input validation in npm package jison <= 0.4.18 may lead to OS command injection attacks. #397

Open nkviru opened 4 years ago

nkviru commented 4 years ago

Found the following Common Vulnerabilities and Exposures (CVE) entry. Is there any resolution to fix this security issue?

CVE-2020-8178

Insufficient input validation in npm package jison <= 0.4.18 may lead to OS command injection attacks.