Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYyanctcHIyYy05eDk2

Code injection in @rkesters/gnuplot

@rkesters/gnuplot is an easy to use node module to draw charts using gnuplot and ps2pdf. The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands.

Permalink: https://github.com/advisories/GHSA-f2jw-pr2c-9x96
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYyanctcHIyYy05eDk2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 2 years ago
Updated: about 1 year ago


CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-f2jw-pr2c-9x96, CVE-2021-29369
References: Repository: https://github.com/rkesters/gnuplot

Affected Packages

npm:@rkesters/gnuplot
Dependent packages: 2
Dependent repositories: 0
Downloads: 15 last month
Affected Version Ranges: < 0.1.1
Fixed in: 0.1.1
All affected versions: 0.0.1, 0.0.2, 0.1.0
All unaffected versions: 0.1.1