nadesiko3 vulnerable to OS Command Injection

Description

OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product.

Recommendation

Update the nadesiko3 package to the latest compatible version. Followings are version details:

• Affected version(s): < 3.3.75
• Patched version(s): 3.3.75

References

• GHSA-7249-8x22-4rg4
• jvn.jp
• CVE-2022-42496
• CWE-78
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Nadesiko3 OS Command Injection vulnerability - CVE-2022-41642
• create-choo-app3 is vulnerable to Command Injection via the devInstall function - CVE-2022-25855
• Matrix-appservice-irc vulnerable to sql injection via roomIds argument - CVE-2022-3971
• BrowserStack Local vulnerable to Command Injection through logfile variable - CVE-2025-57283

You might also like:

How do hackers hack websites?

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

nadesiko3