-
-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2020-7789 (Medium) detected in node-notifier-6.0.0.tgz #1970
Comments
👋 Thanks for reporting! |
Sorry, friend. As far as this ol' bot can tell, your issue does not properly use one of this repo's available issue templates. Please try again, if you like. (And if I'm confused, please let us know. 😬)
|
This old thread has been automatically locked. If you think you have found something related to this, please open a new issue by following the issue guide (https://github.com/AlexRogalskiy/typescript-tools/blob/master/.github/ISSUE_TEMPLATE/bug_report.md), and link to this old issue if necessary. |
CVE-2020-7789 - Medium Severity Vulnerability
A Node.js module for sending notifications on native Mac, Windows (post and pre 8) and Linux (or Growl as fallback)
Library home page: https://registry.npmjs.org/node-notifier/-/node-notifier-6.0.0.tgz
Path to dependency file: typescript-tools/package.json
Path to vulnerable library: typescript-tools/node_modules/node-notifier/package.json
Dependency Hierarchy:
Found in HEAD commit: b4b72ce2d2e382c3fcb56194dc6c7e7b0caeb071
This affects the package node-notifier before 9.0.0. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array.
Publish Date: 2020-12-11
URL: CVE-2020-7789
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7789
Release Date: 2020-12-11
Fix Resolution: 9.0.0
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: