Search criteria
1 vulnerability by growl_project
CVE-2017-16042 (GCVE-0-2017-16042)
Vulnerability from cvelistv5 – Published: 2018-06-04 19:00 – Updated: 2024-09-16 17:08
VLAI
Summary
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.
Severity
No CVSS data available.
CWE
- CWE-94 - Code Injection (CWE-94)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://nodesecurity.io/advisories/146 | x_refsource_MISC |
| https://github.com/tj/node-growl/pull/61 | x_refsource_MISC |
| https://github.com/tj/node-growl/issues/60 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HackerOne | growl node module |
Affected:
<1.10.2
|
Date Public
2018-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:13:06.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nodesecurity.io/advisories/146"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tj/node-growl/pull/61"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tj/node-growl/issues/60"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "growl node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "\u003c1.10.2"
}
]
}
],
"datePublic": "2018-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection (CWE-94)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-04T18:57:01.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nodesecurity.io/advisories/146"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tj/node-growl/pull/61"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tj/node-growl/issues/60"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2017-16042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "growl node module",
"version": {
"version_data": [
{
"version_value": "\u003c1.10.2"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection (CWE-94)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/146",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/146"
},
{
"name": "https://github.com/tj/node-growl/pull/61",
"refsource": "MISC",
"url": "https://github.com/tj/node-growl/pull/61"
},
{
"name": "https://github.com/tj/node-growl/issues/60",
"refsource": "MISC",
"url": "https://github.com/tj/node-growl/issues/60"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-16042",
"datePublished": "2018-06-04T19:00:00.000Z",
"dateReserved": "2017-10-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:08:21.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}