Vulnerabilities

 1 via 1 paths

Dependencies

Source

 npm
Find a vulnerability free version of growl | View growl package health on Snyk Advisor

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 1
Status
  • 1
  • 0
  • 0

critical severity

Arbitrary Code Injection

  • Vulnerable module: growl
  • Introduced through: growl@1.3.0

Detailed paths

  • Introduced through: growl@1.3.0
    Remediation: Upgrade to growl@1.10.0.

Overview

growl is a package adding Growl support for Nodejs.

Affected versions of this package are vulnerable to Arbitrary Code Injection due to unsafe use of the eval() function. Node.js provides the eval() function by default, and is used to translate strings into Javascript code. An attacker can craft a malicious payload to inject arbitrary commands.

Remediation

Upgrade growl to version 1.10.0 or higher.

References

Arbitrary Code Injection vulnerability report