CVE-2017-16042

critical

Description

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.

References

Advisories

https://nodesecurity.io/advisories/146

https://github.com/tj/node-growl/pull/61

https://github.com/tj/node-growl/issues/60

Details

Source: Mitre, NVD

Published: 2018-06-04

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.03022

Detections

Analytics