Command Injection in ascii-art

Severity:: Low

Description

Versions of ascii-art before 1.4.4 are vulnerable to command injection. This is exploitable when user input is passed into the argument of the ascii-art preview command.

Recommendation

Update the ascii-art package to the latest compatible version. Followings are version details:

Affected version(s): <= 1.4.2
Patched version(s): 1.4.4

References

GHSA-9hqj-38j2-5jgm
hackerone.com
www.npmjs.com
CWE-77
OWASP 2021-A3

Related Issues

systeminformation SSID Command Injection Vulnerability - CVE-2023-42810
Command Injection in marsdb - Vulnerability
Command Injection in soletta-dev-app - Vulnerability
appium-desktop OS Command Injection vulnerability - CVE-2023-2479

How do hackers hack websites?

These 7 PHP mistakes leave your website open to the hackers

Update Cheat Sheet for Developers

Tags:: npm; ascii-art

Anything's wrong? Let us know Last updated on January 09, 2023