An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYyanctcHIyYy05eDk2

Code injection in @rkesters/gnuplot

@rkesters/gnuplot is an easy to use node module to draw charts using gnuplot and ps2pdf. The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 2 years ago
Updated: over 1 year ago

CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-f2jw-pr2c-9x96, CVE-2021-29369
References: Repository:
Blast Radius: 1.0

Affected Packages

Dependent packages: 2
Dependent repositories: 0
Downloads: 12 last month
Affected Version Ranges: < 0.1.1
Fixed in: 0.1.1
All affected versions: 0.0.1, 0.0.2, 0.1.0
All unaffected versions: 0.1.1