Description
All versions of cocos-utils are vulnerable to Remote Code Execution. The unzip() function concatenates user input to exec(), which may allow attackers to execute arbitrary commands on the server.
Recommendation
No fix is available yet. The following versions are affected:
- >= 0
Tags: npm, cocos-utils
Last updated on January 09, 2023