VDB
KO
CRITICAL 9.8

GHSA-m8xj-5v73-3hh8

curlrequest allows execution of arbitrary commands

Details

curlrequest through 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands by using a semicolon char in any of the `options` values.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / curlrequest
Introduced in: 0

No fixed version published yet for curlrequest (npm). Pin to a known-safe version or switch to an alternative.

References