GHSA-m8xj-5v73-3hh8CriticalCVSS 9.8
curlrequest allows execution of arbitrary commands
🔗 CVE IDs covered (1)
📋 Description
curlrequest through 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands by using a semicolon char in any of the options values.
🎯 Affected products1
- npm/curlrequest:<= 1.0.1