Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqNmotNGgyYy1jNjVw

Arbitrary Code Execution in require-node

Versions of require-node prior to 1.3.4 for 1.x and 2.0.4 for 2.x are vulnerable to Arbitrary Code Execution. The package fails to sanitize requests to the require-node endpoint, allowing attackers to execute arbitrary code in the server through the injection of OS commands in the request body.

Recommendation

If you are using 1.x, upgrade to version 1.3.4 or later.
If you are using 2.x, upgrade to version 2.0.4 or later.

Permalink: https://github.com/advisories/GHSA-8j6j-4h2c-c65p
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqNmotNGgyYy1jNjVw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 3 years ago
Updated: 9 months ago

Identifiers: GHSA-8j6j-4h2c-c65p
References:

Affected Packages

npm:require-node

Versions: >= 2.0.0, < 2.0.4, < 1.3.4
Fixed in: 2.0.4, 1.3.4