#VU14269 OS command injection in growl - CVE-2017-16042

 

Published: August 6, 2018 / Updated: August 8, 2018


Vulnerability identifier: #VU14269
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-16042
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: growl
Software vendor: npm Inc.

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote unauthenticated attacker can submit specially crafted data to inject and execute arbitrary shell commands.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 1.10.2 or later.
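
To confirm the remediation across a dependency tree, the following added example (not part of the original advisory or of the growl project) walks a parsed `package-lock.json` and reports every installed copy of growl older than 1.10.2, including copies nested under other packages. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example (not from the advisory): find growl installs older than the fix.
const FIXED = [1, 10, 2]; // fixed release named in the Remediation section
// Parse "x.y.z"; any pre-release/build suffix is ignored (simplification).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}
// True when the version is below FIXED; unparseable values are flagged for review.
function isVulnerable(version) {
  const p = parseVersion(version);
  if (!p) return true;
  for (let i = 0; i < 3; i++) {
    if (p[i] !== FIXED[i]) return p[i] < FIXED[i];
  }
  return false;
}

// Accepts a parsed package-lock.json object and returns [{ path, version }].
function findVulnerableGrowl(lock) {
  const hits = [];
  const add = (path, version) => {
    if (isVulnerable(version) && !hits.some((h) => h.path === path)) {
      hits.push({ path, version });
    }
  };
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/growl$/.test(path)) add(path, meta.version);
  }
  // lockfileVersion 1/2: nested "dependencies" tree, walked recursively.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'growl') add(path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile; "example-test-runner" is a hypothetical package.
const sampleLock = {
  dependencies: {
    'example-test-runner': { version: '1.0.0', dependencies: { growl: { version: '1.9.2' } } },
    growl: { version: '1.10.5' },
  },
};
console.log(findVulnerableGrowl(sampleLock));
```

Against a real project, pass the result of `JSON.parse` on the contents of `package-lock.json`; an empty array means no copy of growl below 1.10.2 is locked.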

External links