Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-7xhv-mpjw-422f: Command injection in google-it

Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the ‘Open in browser’ option in versions up to 1.6.2, google-it will unsafely concat the result’s link retrieved from google to a shell command, potentially exposing the server to RCE.

ghsa
Open in Source
#google#nodejs#js#git#rce

Command injection in google-it

High severity GitHub Reviewed Published Jun 3, 2022 • Updated Jun 3, 2022

Related news

CVE-2021-34083: google-it/googleIt.js at v1.6.2 · PatNeedham/google-it

Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it will unsafely concat the result's link retrieved from google to a shell command, potentially exposing the server to RCE.

ghsa: Latest News

GHSA-x645-6pf9-xwxw: LibreNMS has an Authenticated OS Command Injection
ghsa