CVE-2019-10796
N/A
N/A
Summary
rpi through 0.0.3 allows execution of arbritary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the arguement of exec function without any sanitization.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | rpi | All versions including 0.0.3 | affected |
Weaknesses
- Command Injection
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/xseignard/rpi/blob/master/src/lib/gpio.js#L47
- https://snyk.io/vuln/SNYK-JS-RPI-548942
References
- https://github.com/xseignard/rpi/blob/master/src/lib/gpio.js#L47
- https://snyk.io/vuln/SNYK-JS-RPI-548942
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.