GHSA-m8xj-5v73-3hh8CriticalCVSS 9.8

curlrequest allows execution of arbitrary commands

Published
May 13, 2020
Last Modified
July 6, 2026

🔗 CVE IDs covered (1)

📋 Description

curlrequest through 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands by using a semicolon char in any of the options values.

🎯 Affected products1

  • npm/curlrequest:<= 1.0.1

🔗 References (4)