Description
All versions of cocos-utils are vulnerable to Remote Code Execution. The unzip() function concatenates user input to exec() which may allow attackers to execute arbitrary commands on the server.
Recommendation
No fix is available yet. Followings are affected versions:
- >= 0
References
Related Issues
- Nadesiko3 OS Command Injection vulnerability - CVE-2022-41642
- systeminformation SSID Command Injection Vulnerability - CVE-2023-42810
- Command Injection in soletta-dev-app - Vulnerability
- Command Injection in marsdb - Vulnerability
You might also like:
- Tags:
- npm
- cocos-utils
Anything's wrong? Let us know Last updated on January 09, 2023


