Consider adding Story time to fundamentals course about the Growl module in npm per https://nvd.nist.gov/vuln/detail/CVE-2017-16042
This module lets you push a notification to the OS. It was invoking exec without any sanitization. Pushback was “nobody uses it in a vulnerable way”, but that was not true. It was one of the first ones and showed supply chain issues. Component makers made assumptions about how they are used. CVSS 9.8; via Cristian-Alexandru STAICU.
It shows a simple shell injection vulnerability & how a low-level library can introduce vulnerabilities. It's also relatively easy to explain.