[Pkg-javascript-devel] Bug#900868: node-growl: CVE-2017-16042: Does not properly sanitize input before passing it to exec
Salvatore Bonaccorso
carnil at debian.org
Wed Jun 6 07:28:31 BST 2018
Source: node-growl
Version: 1.7.0-1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/tj/node-growl/issues/60
Hi,
The following vulnerability was published for node-growl.
CVE-2017-16042[0]:
| Growl adds growl notification support to nodejs. Growl before 1.10.2
| does not properly sanitize input before passing it to exec, allowing
| for arbitrary command execution.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-16042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16042
[1] https://github.com/tj/node-growl/issues/60
Regards,
Salvatore
More information about the Pkg-javascript-devel
mailing list