Headline
CVE-2021-34084: Checkmarx Advisory
OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function.
From time to time, our security researchers find zero-day vulnerabilities in open source projects. When this happens, we inform the relevant maintaners of the package and publish our findings here only after they’ve been remediated, or when a patch is available.
Related news
GHSA-gwp3-f7mr-qpfv: OS Command Injection in s3-uploader
OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function.