Description
An OS command injection vulnerability in Nako3edit, the editor component of nadesiko3 (PC Version), v3.3.74 and earlier, allows a remote attacker to obtain the appkey of the product and execute an arbitrary OS command on the product.
Recommendation
Update the nadesiko3 package to the latest compatible version. Version details:
- Affected version(s): < 3.3.75
- Patched version(s): 3.3.75
References
Related Issues
- create-choo-app3 is vulnerable to Command Injection via the devInstall function - CVE-2022-25855
- Nadesiko3 OS Command Injection vulnerability - CVE-2022-41642
- Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type - CVE-2022-35948
- Command injection in Parse Server through prototype pollution - CVE-2022-24760
Tags: npm, nadesiko3
Last updated on January 31, 2023