Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYyanctcHIyYy05eDk2
Code injection in @rkesters/gnuplot
@rkesters/gnuplot is an easy-to-use node module to draw charts using gnuplot and ps2pdf. The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands.
Permalink: https://github.com/advisories/GHSA-f2jw-pr2c-9x96
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYyanctcHIyYy05eDk2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 1 year ago
Updated: 4 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-f2jw-pr2c-9x96, CVE-2021-29369
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-29369
- https://github.com/rkesters/gnuplot/commit/23671d4d3d28570fb19a936a6328bfac742410de
- https://www.npmjs.com/package/@rkesters/gnuplot
- https://github.com/advisories/GHSA-f2jw-pr2c-9x96
Affected Packages
npm:@rkesters/gnuplot
Versions: < 0.1.1
Fixed in: 0.1.1