Command Injection in growl

Critical severity GitHub Reviewed Published Jun 8, 2018 • Updated Jan 8, 2021

Package

npm growl (npm)

Affected versions

< 1.10.0

Patched versions

1.10.0

Description

Affected versions of growl do not properly sanitize input prior to passing it into a shell command, allowing for arbitrary command execution.

Recommendation

Update to version 1.10.2 or later.
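
To check whether a project still installs a version covered by this advisory, the following added example (not code from the advisory or from the growl project) walks a parsed `package-lock.json` and classifies every installed copy of growl, including transitive ones, against the version bounds stated above. The function names, the status labels and the sample lockfile are assumptions made for illustration.

```javascript
// Thresholds taken from the advisory text.
const AFFECTED_BELOW = [1, 10, 0]; // "Affected versions: < 1.10.0"
const RECOMMENDED = [1, 10, 2];    // "Update to version 1.10.2 or later"
// Parse "1.9.2" into [major, minor, patch]; pre-release/build tags are ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}
function lessThan(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}
// Collect every installed copy of growl, including nested (transitive) ones.
function findGrowl(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by node_modules path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/growl$/.test(path)) hits.push({ path, version: meta.version });
    }
    return hits;
  }
  // lockfileVersion 1: recursive "dependencies" tree.
  (function walk(deps, trail) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === "growl") hits.push({ path, version: meta.version });
      walk(meta.dependencies, path + "/");
    }
  })(lock.dependencies, "");
  return hits;
}
// Classify each copy; unparsable versions (e.g. git URLs) are reported as "unknown".
function auditGrowl(lock) {
  return findGrowl(lock).map((hit) => {
    const v = parseVersion(hit.version);
    const status = !v ? "unknown"
      : lessThan(v, AFFECTED_BELOW) ? "affected"
      : lessThan(v, RECOMMENDED) ? "below-recommended" : "ok";
    return { ...hit, status };
  });
}
// Constructed sample lockfile; "some-test-runner" is a hypothetical package.
const sampleLock = { lockfileVersion: 1, dependencies: {
  "some-test-runner": { version: "1.0.0", dependencies: { growl: { version: "1.9.2" } } },
  growl: { version: "1.10.5" },
} };
console.log(auditGrowl(sampleLock));
```

In a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `auditGrowl` and fail the build on any `affected` entry.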

References

CVE ID

CVE-2017-16042