Vulnerabilities

1 via 1 paths

Dependencies

24

Source

npm

Find, fix and prevent vulnerabilities in your code.

Severity
  • 1
Status
  • 1
  • 0
  • 0

high severity
new

Improper Privilege Management

  • Vulnerable module: shelljs
  • Introduced through: shelljs@0.7.8

Detailed paths

  • Introduced through: uxsys-b@1.0.0 shelljs@0.7.8
    Remediation: Upgrade to shelljs@0.8.5.

Overview

shelljs is a wrapper for the Unix shell commands for Node.js.

Affected versions of this package are vulnerable to Improper Privilege Management. When ShellJS is used to create shell scripts which may be running as root, users with low-level privileges on the system can leak sensitive information such as passwords (depending on implementation) from the standard output of the privileged process OR shutdown privileged ShellJS processes via the exec function when triggering EACCESS errors.

Note: Thi only impacts the synchronous version of shell.exec().

Remediation

Upgrade shelljs to version 0.8.5 or higher.

References