Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-9mjx-wfqp-j5ph: window-control vulnerable to Command Injection due to improper input sanitization

window-control is an npm package that provides tools to manage window focus. Versions before 1.4.5 are vulnerable to Command Injection via the sendKeys function due to improper input sanitization.

ghsa
Open in Source
#nodejs#git
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2022-25926

window-control vulnerable to Command Injection due to improper input sanitization

High severity GitHub Reviewed Published Jan 4, 2023 • Updated Jan 6, 2023

Package

npm window-control (npm)

Affected versions

< 1.4.5

Description

Related news

CVE-2022-25926: fix: add sanitisation to user input · bruno-robert/window-control@075c854

Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization.

ghsa: Latest News

GHSA-8fh4-942r-jf2g: LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php
ghsa