You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Snyk Description: ## Overview shelljs is a wrapper for the Unix shell commands for Node.js.
Affected versions of this package are vulnerable to Improper Privilege Management. When ShellJS is used to create shell scripts which may be running as root, users with low-level privileges on the system can leak sensitive information such as passwords (depending on implementation) from the standard output of the privileged process OR shutdown privileged ShellJS processes via the exec function when triggering EACCESS errors.
Note: Thi only impacts the synchronous version of shell.exec().
Package Name: shelljs
Package Version: ['0.3.0']
Package Manager: npm
Target File: package.json
Severity Level: high
Snyk ID: SNYK-JS-SHELLJS-2332187
Snyk CVE: CVE-2022-0144
Snyk CWE: CWE-269
Link to issue in Snyk: https://app.snyk.io/org/cse_snyk-playground/project/3af44f44-d085-4709-afa8-a4bc1c966aa1
Snyk Description: ## Overview
shelljs is a wrapper for the Unix shell commands for Node.js.
Affected versions of this package are vulnerable to Improper Privilege Management. When
ShellJS
is used to create shell scripts which may be running asroot
, users with low-level privileges on the system can leak sensitive information such as passwords (depending on implementation) from the standard output of the privileged process OR shutdown privilegedShellJS
processes via theexec
function when triggering EACCESS errors.Note: Thi only impacts the synchronous version of
shell.exec()
.Remediation
Upgrade
shelljs
to version 0.8.5 or higher.References
The text was updated successfully, but these errors were encountered: