CVE-2017-16042

Summary

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.

Affected Software

VendorProductVersion RangeStatus
HackerOnegrowl node module<1.10.2affected

Weaknesses

  • CWE-94: Code Injection (CWE-94)

ADP Enrichment

CVE Program Container

Additional References

References