apiconnect-cli-plugins is a Plugin for IBM API Connect Developer Toolkit.
Affected versions of this package are vulnerable to Command Injection. The argument
pluginUri can be controlled by users without any sanitization.
var root = require("apiconnect-cli-plugins"); var payload = "& touch Song &"; root.pluginLoader.installPlugin(payload,"");
the injection point is located in line 181 of file
lib/plugin-loader.js, in the function
There is no fixed version for