Command Injection

Affecting shelljs package, ALL versions

high severity

Overview

shelljs is a portable Unix shell commands for Node.js.

Affected version of this package are vulnerable to Command Injection. It is possible to invoke commands from shell.exec() from external sources, allowing an attacker to inject arbitrary commands.

Remediation

There is no fix version for shelljs.

References

Do your applications use this vulnerable package?

Credit
Chris Corbyn
CWE
CWE-77
Snyk ID
npm:shelljs:20140723
Disclosed
22 Jul, 2014
Published
13 Feb, 2017