Details
Assignee: Unassigned
Reporter: onms security jira
Labels:
Priority: Trivial
Created July 20, 2023 at 3:02 AM
Updated July 20, 2023 at 3:02 AM
Impact
Output from the synchronous version of `shell.exec()` may be visible to other users on the same system. You may be affected if you execute `shell.exec()` in multi-user Mac, Linux, or WSL environments, or if you execute `shell.exec()` as the root user.
Other shelljs functions (including the asynchronous version of `shell.exec()`) are not impacted.
Patches
Patched in shelljs 0.8.5
Workarounds
Recommended action is to upgrade to 0.8.5.
References
https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c/
For more information
If you have any questions or comments about this advisory:
Ask at https://github.com/shelljs/shelljs/issues/1058
Open an issue at https://github.com/shelljs/shelljs/issues/new
Repository: OpenNMS/newts (https://github.com/OpenNMS/newts)
Dependabot: https://github.com/OpenNMS/newts/security/dependabot/42
CVE:
CVSS:
GHSA: GHSA-64g7-mvw6-v9qj
Severity: medium
Ecosystem: npm
Package Name: shelljs
Vulnerable Version Range: < 0.8.5
First Patched Version: 0.8.5