GHSA-4xrw-wvmq-8jmhCriticalCVSS 9.8

OS Command Injection in node-key-sender

Published
February 10, 2022
Last Modified
July 6, 2026

🔗 CVE IDs covered (1)

📋 Description

node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute()' function.

🎯 Affected products1

  • npm/node-key-sender:<= 1.0.11

🔗 References (4)