Description
All versions of cocos-utils are vulnerable to Remote Code Execution. The unzip() function concatenates user input into the command string passed to exec(), which may allow attackers to execute arbitrary commands on the server.
Recommendation
No fix is available yet. The following versions are affected:
- >= 0
References
Related Issues
- Command Injection in node-rules - Vulnerability
- Command Injection in soletta-dev-app - Vulnerability
- systeminformation SSID Command Injection Vulnerability - CVE-2023-42810
- systeminformation command injection vulnerability - CVE-2020-7752
Tags: npm, cocos-utils
Last updated on January 09, 2023