Potential for command injection in printer/package/lib/printer.js #1
Comments
Thanks for Pull request
Sorry for the double email, I miscommunicated to the node security Ion wrote:
Overview
Untrusted input passed in to the printer attribute of the first argument to printDirect module can allow for command injection. This may be unexpected behavior for the caller.
Confirmed on version 0.0.1
Confirmed vulnerable. Examples:
Recommendation
Use child_process.execFile and pass in the arguments array.
Credit: Node Security Auditor
Adam Baldwin
Questions? Hit us up in #nodesecurity on freenode or email info@nodesecurity.io and reference this issue.
The Node Security Project
nodesecurity.io
@nodesecurity