Command Injection in cocos-utils

Severity:: High

Description

All versions of cocos-utils are vulnerable to Remote Code Execution. The unzip() function concatenates user input to exec() which may allow attackers to execute arbitrary commands on the server.

Recommendation

No fix is available yet. Followings are affected versions:

>= 0

References

GHSA-rffp-mc78-wjf7
www.npmjs.com
CWE-77
OWASP 2021-A3

Related Issues

systeminformation SSID Command Injection Vulnerability - CVE-2023-42810
Command Injection in soletta-dev-app - Vulnerability
Command Injection Vulnerability in systeminformation - systeminformation - CVE-2020-26274
appium-desktop OS Command Injection vulnerability - CVE-2023-2479

How do hackers hack websites?

These 7 PHP mistakes leave your website open to the hackers

Update Cheat Sheet for Developers

Tags:: npm; cocos-utils

Anything's wrong? Let us know Last updated on January 09, 2023