This issue has been generated on behalf of Mik317 (https://huntr.dev/app/users/Mik317)
Vulnerability Description
Affected versions execute arbitrary commands remotely inside the victim's PC. The issue occurs because user input is formatted inside a command that will be executed without any checks. The cmd list is stringed and executed inside the exec function without checking the buildRoot and specFile variables, which are controlled by the user, leading to RCE.
The issue arises here:
https://github.com/rictorres/node-rpm-builder/blob/master/index.js#L119
Bug Bounty
We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded 💰? Go to https://huntr.dev/
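The pattern the report describes, next to a hardened form, as an added example that is not part of the original issue or of node-rpm-builder's code. It assumes a POSIX system where `echo` stands in for rpmbuild; the function names and the sample input are constructed for illustration.

```javascript
// Added example, not node-rpm-builder's code. `echo` stands in for rpmbuild so
// the snippet runs on any POSIX system; all function names are hypothetical.
const { execSync, execFileSync } = require('child_process');
const path = require('path');

// Constructed test input: a "spec file" name carrying a shell metacharacter.
const CONSTRUCTED_SPEC = 'pkg.spec; echo SECOND_COMMAND_RAN';

// Pattern from the report: the argument list is joined into one string and
// handed to a shell, which re-parses the user-controlled values.
function buildVulnerable(buildRoot, specFile) {
  const cmd = ['echo', 'rpmbuild', '--buildroot', buildRoot, specFile].join(' ');
  return execSync(cmd, { encoding: 'utf8' });
}

// Hardened argv: type-check, then resolve to absolute paths so a value can
// never begin with '-' and be read as an option by the real tool.
function hardenedArgs(buildRoot, specFile) {
  for (const value of [buildRoot, specFile]) {
    if (typeof value !== 'string' || value.length === 0) {
      throw new TypeError('buildRoot and specFile must be non-empty strings');
    }
  }
  return ['rpmbuild', '--buildroot', path.resolve(buildRoot), path.resolve(specFile)];
}

// execFileSync passes the array straight to the program; no shell is involved,
// so metacharacters stay inside a single argument.
function buildHardened(buildRoot, specFile) {
  return execFileSync('echo', hardenedArgs(buildRoot, specFile), { encoding: 'utf8' });
}

// Each command that ran prints exactly one line of output.
function commandsRun(output) {
  return output.trim().split('\n').length;
}

console.log('joined string + shell:', commandsRun(buildVulnerable('/tmp/br', CONSTRUCTED_SPEC)));
console.log('argv array, no shell :', commandsRun(buildHardened('/tmp/br', CONSTRUCTED_SPEC)));
```

The same two calls make a regression test for a fix: the joined-string path reports two commands for this input, the argv path reports one.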