First published: Thu Oct 21 2021(Updated: )
Node.js shell-quote module could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw with windows drive letter regex. By sending a specially-crafted shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Shell-quote Project Shell-quote | <1.7.3 | |
IBM Planning Analytics | <=2.0 | |
npm/shell-quote | <=1.7.2 | 1.7.3 |
<1.7.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.