Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

High severity vulnerability in shelljs 0.8.1 #842

Closed
gms1 opened this issue May 5, 2018 · 1 comment
Closed

High severity vulnerability in shelljs 0.8.1 #842

gms1 opened this issue May 5, 2018 · 1 comment
Labels
exec Issues specific to the shell.exec() API security

Comments

@gms1
Copy link

gms1 commented May 5, 2018

see:
https://snyk.io/test/npm/shelljs/0.8.1?severity=high&severity=medium&severity=low
@gms1 gms1 changed the title vulnerability in shelljs 0.8.1 High severity vulnerability in shelljs 0.8.1 May 5, 2018
@gms1 gms1 mentioned this issue May 5, 2018
Closed
@nfischer
Copy link
Member

nfischer commented May 7, 2018

Duplicate of #766

@nfischer nfischer marked this as a duplicate of #766 May 7, 2018
@nfischer nfischer closed this as completed May 7, 2018
@nfischer nfischer added security exec Issues specific to the shell.exec() API labels Jun 26, 2019
nfischer added a commit that referenced this issue Jun 26, 2019
@nfischer
docs(exec): document security concerns
e63899d 
No change to logic.

This adds documentation about `shell.exec()`'s inherent vulnerability to
command injection and links to a more detailed security notice.

Issue #103, #143, #495, #765, #766, #810, #842, #938, #945
@nfischer nfischer mentioned this issue Jun 26, 2019
Merged
nfischer added a commit that referenced this issue Jun 26, 2019
@nfischer
docs(exec): document security concerns (#950)
68c3822 
No change to logic.

This adds documentation about `shell.exec()`'s inherent vulnerability to
command injection and links to a more detailed security notice.

Issue #103, #143, #495, #765, #766, #810, #842, #938, #945
@shelljs shelljs locked as resolved and limited conversation to collaborators Jul 1, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
exec Issues specific to the shell.exec() API security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gms1 @nfischer