electerm allows unauthorized users to execute arbitrary commands

Description

An issue was discovered in Electerm 1.3.22, allows attackers to execute arbitrary commands via unverified request to electerms service.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 1.3.22

References

• GHSA-x73w-g8hx-v7rp
• CVE-2020-23256
• CWE-306
• CWE-78
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6
• OWASP 2021-A7

Related Issues

• Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability - CVE-2024-47818
• Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click - CVE-2026-43941
• Electerm users can run dangrous code through link or command line - CVE-2026-43944
• xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection - xmlhttprequest - CVE-2020-28502

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

electerm