Description
cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the color argument executed by the eval function resulting in code execution.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 2.7.26
References
Related Issues
- Code injection in electerm - CVE-2020-23256
- xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection (GHSA-h4j5-c7cj-74xg) - CVE-2020-28502
- Code Injection in jsen - CVE-2020-7777
- Code Injection in node-rules - CVE-2020-7609
- Tags:
- npm
- cd-messenger
Anything's wrong? Let us know Last updated on February 01, 2023