Recidiviz/supervision-success-component

Security Alert - Package: node-notifier; Severity: MODERATE



due: 2022-03-26

    Affected package: node-notifier
    Ecosystem: NPM
    Affected version range: < 8.0.1

    Summary: OS Command Injection in node-notifier
    Description: This affects the package node-notifier before 8.0.1. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array.
    Identifiers: GHSA-5fw9-fq32-wv5p (GHSA), CVE-2020-7789 (CVE)

    Fixed Version: 8.0.1
    Created Date: January 18, 2022

    

    ---

@phenggeler - label applied: Due this month.