Description
All versions of cocos-utils are vulnerable to Remote Code Execution. The unzip() function concatenates user input into the command string passed to exec(), which may allow attackers to execute arbitrary commands on the server.
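The pattern described above beside a hardened counterpart, as an added example that is not cocos-utils source code. The function names, the file-name allow-list and the stand-in tool (a child Node process that echoes the argv it receives) are assumptions, and exec() is assumed to use a POSIX shell.

```javascript
// Added illustration; not cocos-utils source. Function names are hypothetical.
const { execSync, execFileSync } = require('node:child_process');

// Stand-in for the external archive tool (assumption): a child Node process
// that prints the argument vector it actually received, as JSON.
const TOOL = process.execPath;
const ECHO_ARGV = 'console.log(JSON.stringify(process.argv.slice(1)))';

// Vulnerable pattern from the advisory: caller input is concatenated into a
// string that exec()/execSync() hands to the shell, so the shell parses it.
function unzipUnsafe(archive) {
  return execSync(`"${TOOL}" -e '${ECHO_ARGV}' ` + archive, { encoding: 'utf8' });
}

// No shell: execFile() passes each array element as one argv entry, so shell
// metacharacters in the input are never interpreted.
function unzipNoShell(archive) {
  return execFileSync(TOOL, ['-e', ECHO_ARGV, archive], { encoding: 'utf8' });
}

// Hardened wrapper: allow-list the name first. Rejecting a leading '-' also
// stops option injection, which execFile() alone does not prevent.
function unzipSafe(archive) {
  if (typeof archive !== 'string' || !/^[A-Za-z0-9_][A-Za-z0-9._-]*\.zip$/.test(archive)) {
    throw new Error('rejected archive name');
  }
  return unzipNoShell(archive);
}

// Constructed sample input: a file name followed by a harmless second command.
const SAMPLE = 'a.zip; echo INJECTED';

function demo() {
  let rejected = false;
  try { unzipSafe(SAMPLE); } catch (e) { rejected = true; }
  return {
    unsafe: unzipUnsafe(SAMPLE).trim().split('\n'), // shell ran two commands
    noShell: JSON.parse(unzipNoShell(SAMPLE)),      // one literal argument
    rejected,                                       // allow-list refused it
    accepted: JSON.parse(unzipSafe('a.zip')),
  };
}

console.log(demo());
```

With the shell in the path, the sample input produces output from two commands; without it, the tool receives the whole string as a single argument.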
Recommendation
No fix is available yet. The following versions are affected:
- >= 0
Related Issues
- systeminformation command injection vulnerability - CVE-2020-7752
- Command Injection in soletta-dev-app - Vulnerability
- Command Injection Vulnerability in systeminformation (GHSA-m57p-p67h-mq74) - CVE-2020-26274
- Command Injection in node-rules - Vulnerability
Tags
- npm
- cocos-utils
Last updated on January 09, 2023