Description
OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product.
Recommendation
Update the nadesiko3 package to the latest compatible version. Followings are version details:
- Affected version(s): < 3.3.75
- Patched version(s): 3.3.75
References
Related Issues
- Nadesiko3 OS Command Injection vulnerability - CVE-2022-41642
- Bootstrap Cross-site Scripting vulnerability - CVE-2016-10735
- protobufjs Prototype Pollution vulnerability - CVE-2023-36665
- chromedriver Command Injection vulnerability - CVE-2023-26156
- Tags:
- npm
- nadesiko3
Anything's wrong? Let us know Last updated on January 31, 2023