GHSA-9mjx-wfqp-j5ph: window-control vulnerable to Command Injection due to improper input sanitization

window-control is an npm package that provides tools to manage window focus. Versions before 1.4.5 are vulnerable to Command Injection via the sendKeys function due to improper input sanitization.

High severity • GitHub Reviewed • Published Jan 4, 2023 • Updated Jan 6, 2023

Package: window-control (npm)

Affected versions: < 1.4.5

Description

Related news

CVE-2022-25926: fix: add sanitisation to user input · bruno-robert/window-control@075c854

Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization.
