Command Injection

Affecting shelljs package, ALL versions

high severity

Overview

shelljs is a portable Unix shell commands for Node.js. It is possible to invoke commands from shell.exec() from external sources, allowing an attacker to inject arbitrary commands.

Remediation

There is no fix version for shelljs.

References

Credit
Chris Corbyn
Snyk ID
npm:shelljs:20140723
Disclosed
22 Jul, 2014
Published
13 Feb, 2017

Do your applications use this vulnerable package?