Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-75w2-qv55-x7fv: openssl npm package vulnerable to command execution

The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as “a nonsense wrapper with no real purpose” by its author, and accepts an opts argument that contains a verb field (used for command execution). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

ghsa
#vulnerability#nodejs#git#auth#ssl

openssl npm package vulnerable to command execution

Moderate severity GitHub Reviewed Published Nov 23, 2023 to the GitHub Advisory Database • Updated Nov 27, 2023

Related news

CVE-2023-49210: Package openssl: Function exec is called (#41) and a single argument ("command") is passed to the function, enabling the injection of commands. The package's exported openssl() function (see index.js

The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field (used for command execution). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

ghsa: Latest News

GHSA-8gc2-vq6m-rwjw: Amazon Redshift Python Connector vulnerable to SQL Injection