VDB
KO
CRITICAL 9.8

GHSA-4xrw-wvmq-8jmh

OS Command Injection in node-key-sender

Details

node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute()' function.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / node-key-sender
Introduced in: 0

No fixed version published yet for node-key-sender (npm). Pin to a known-safe version or switch to an alternative.

References