Remote Command Execution in reg-keygen-git-hash-plugin

Description

reg-keygen-git-hash-plugin through 0.10.15 allow remote attackers to execute of arbitrary commands.

Recommendation

Update the reg-keygen-git-hash-plugin package to the latest compatible version. Followings are version details:

• Affected version(s): < 0.10.16
• Patched version(s): 0.10.16

References

• GHSA-49q3-8867-5wmp
• www.npmjs.com
• CVE-2021-32673
• CWE-78
• CWE-94
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Remote code execution in Eclipse Theia - CVE-2021-34435
• rejetto HFS vulnerable to OS Command Execution by remote authenticated users - CVE-2024-39943
• Angular Expressions - Remote Code Execution - CVE-2021-21277
• A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA - CVE-2023-33831

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

reg-keygen-git-hash-plugin