Command Injection in samsung-remote

Critical severity • Published Sep 1, 2020 • Updated Sep 24, 2021

Package

samsung-remote (npm)

Affected versions

< 1.3.5

Patched versions

1.3.5

Description

Versions of samsung-remote before 1.3.5 are vulnerable to command injection. This vulnerability is exploitable if user input is passed into the ip option of the package constructor.

Recommendation

Update to version 1.3.5 or later.
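
Where an application passes user-supplied values into the ip option described above, an allow-list check before the constructor is called keeps shell metacharacters out of that option. The following is an added example, not code from this advisory or from samsung-remote; parseIPv4, buildRemoteConfig and screen are hypothetical helper names, the sample inputs are constructed, and restricting the option to literal IPv4 addresses is an assumption.

```javascript
// Added example (not from samsung-remote): allow-list check for the `ip` option.
// Assumption: the TV is addressed by a literal IPv4 address, never a hostname.

// Return the canonical dotted-quad string, or null if `value` is anything else.
function parseIPv4(value) {
  if (typeof value !== 'string') return null;      // arrays, objects, numbers
  const parts = value.split('.');
  if (parts.length !== 4) return null;
  const octets = [];
  for (const part of parts) {
    // One to three ASCII digits only. This refuses spaces, newlines, quotes,
    // ';', '|', '&', '$', backticks and every other shell metacharacter.
    if (!/^[0-9]{1,3}$/.test(part)) return null;
    // Leading zeros are read as octal by some parsers; refuse the ambiguity.
    if (part.length > 1 && part[0] === '0') return null;
    const n = Number(part);
    if (n > 255) return null;
    octets.push(n);
  }
  return octets.join('.');
}

// Build the options object for the constructor from untrusted input.
// Throws instead of passing through a value that did not validate.
function buildRemoteConfig(untrustedIp) {
  const ip = parseIPv4(untrustedIp);
  if (ip === null) {
    // Do not echo the raw value into logs unescaped; report its type and length.
    const len = typeof untrustedIp === 'string' ? untrustedIp.length : 0;
    throw new TypeError(`ip rejected (type=${typeof untrustedIp}, length=${len})`);
  }
  return Object.freeze({ ip });
}

// Constructed sample inputs, as they might arrive from a web form or API body.
const samples = ['192.168.1.13', '192.168.1.13; echo x', '192.168.01.13',
                 '192.168.1.13\n', '$(hostname).1.1.1', ['10.0.0.5']];

// Classify each input so the accept/reject decision can be logged or tested.
function screen(inputs) {
  return inputs.map((v) => ({ input: v, accepted: parseIPv4(v) !== null }));
}

for (const r of screen(samples)) {
  console.log(JSON.stringify(r.input), r.accepted ? 'accepted' : 'rejected');
}
```

The object returned by buildRemoteConfig is what would be handed to the package constructor; this check complements the upgrade to 1.3.5 and does not replace it.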

GHSA ID

GHSA-xhjx-mfr6-9rr4