An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqNmotNGgyYy1jNjVw
Arbitrary Code Execution in require-node
require-node prior to 1.3.4 for 1.x and 2.0.4 for 2.x are vulnerable to Arbitrary Code Execution. The package fails to sanitize requests to the
require-node endpoint, allowing attackers to execute arbitrary code in the server through the injection of OS commands in the request body.
- If you are using 1.x, upgrade to version 1.3.4 or later.
- If you are using 2.x, upgrade to version 2.0.4 or later.
Source: GitHub Advisory Database
Published: about 3 years ago
Updated: 9 months ago
Fixed in: 2.0.4, 1.3.4