CVE-2019-10789
N/A
N/A
Summary
All versions of curling.js are vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | curling.js | All versions | affected |
Weaknesses
- Command Injection
ADP Enrichment
CVE Program Container
Additional References
- https://snyk.io/vuln/SNYK-JS-CURLING-546484
- https://github.com/hgarcia/curling/blob/e861d625c074679a2931bcf4ce8da0afa8162c53/lib/curl-transport.js#L56
References
- https://snyk.io/vuln/SNYK-JS-CURLING-546484
- https://github.com/hgarcia/curling/blob/e861d625c074679a2931bcf4ce8da0afa8162c53/lib/curl-transport.js#L56
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.