CVE-2016-10541

Summary

The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ">" and "<" operator used for redirection in shell. Applications that depend on shell-quote may also be vulnerable. A malicious user could perform code injection.

Affected Software

VendorProductVersion RangeStatus
HackerOneshell-quote node module<=1.6.0affected

Weaknesses

  • CWE-78: OS Command Injection (CWE-78)

ADP Enrichment

CVE Program Container

Additional References

References